From 6b8e94a14f9a8f2451f33e097e72dee1dfc04749 Mon Sep 17 00:00:00 2001
From: James Lucas III
Date: Mon, 16 Feb 2026 15:14:43 -0500
Subject: [PATCH] Escape single quotes in detail rows

Escape single quotes in detail variable for safety.
---
 httemplate/edit/elements/detail-table.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/httemplate/edit/elements/detail-table.html b/httemplate/edit/elements/detail-table.html
index 496ba31b3c..7fab7592df 100644
--- a/httemplate/edit/elements/detail-table.html
+++ b/httemplate/edit/elements/detail-table.html
@@ -66,6 +66,7 @@
 detail_table_info.field['<% $id %>'] = '<% $field %>';
 detail_table_info.rownum['<% $id %>'] = 0;
 % foreach my $detail ( @details ) {
+% $detail =~ s/'/\\'/g;
 addDetailRow('<% $id %>','<% $detail %>');
 % }
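Review bot: The added substitution `s/'/\\'/g` escapes only the quote, so a detail that already contains a backslash still ends the JavaScript string literal early in `addDetailRow('<% $id %>','<% $detail %>')`, because the backslash it carries cancels the one the substitution inserts. Escape the backslash in the same pass, `% $detail =~ s/([\\'])/\\$1/g;`, and also handle newlines and a literal `</script>`, which terminate the literal or the script element regardless of quoting; if the project already has a shared JavaScript-string escape filter, using it here is preferable to an ad-hoc regex. Because `foreach` aliases its loop variable, the substitution also rewrites `@details` in place, so any later use of that array outside this hunk would see the escaped values; working on a copy avoids that. The enclosing script block begins and ends outside the hunk.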