From 84e6bae9cdb42958f6cd1ca6e1a058469e9b64bb Mon Sep 17 00:00:00 2001
From: Suhendi <suhendi999@gmail.com>
Date: Wed, 29 Jan 2020 15:48:28 +0700
Subject: [PATCH] Escape gt and lt sign to prevent html injection

---
 view/biodata.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/view/biodata.php b/view/biodata.php
index 5357e46..b18743a 100644
--- a/view/biodata.php
+++ b/view/biodata.php
@@ -48,7 +48,10 @@
     <tr>
         <td><img class="icon" src="assets/image/address.png" ></td>
         <td class="data_type">Address </td>
-        <td><?php echo $data["address"] ?></textarea></td>
+        <td><?php
+        $text = str_replace(">", "&gt;", str_replace("<", "&lt;", $data["address"]));
+        echo $text;
+        ?></textarea></td>
     </tr>
     <tr>
         <td><img class="icon" src="assets/image/phone.png"> </td>
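Review bot: The hand-rolled `str_replace` on the address cell escapes only `<` and `>`, so `&` and both quote characters still pass through unencoded. This stops tag injection in element content, but it mis-renders data containing entities and becomes unsafe if the pattern is copied into an attribute value. Use the standard encoder instead: `<td><?php echo htmlspecialchars($data["address"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></td>`. That line also drops the stray `</textarea>`, which has no opening tag in the visible hunk. The other `$data[...]` cells in this table are outside the hunk; if they are echoed raw, they presumably need the same encoding.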
-- 
GitLab