--- loncom/interface/lonparmset.pm	2007/08/24 21:31:41	1.377
+++ loncom/interface/lonparmset.pm	2007/08/30 00:01:56	1.378
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Handler to set parameters for assessments
 #
-# $Id: lonparmset.pm,v 1.377 2007/08/24 21:31:41 www Exp $
+# $Id: lonparmset.pm,v 1.378 2007/08/30 00:01:56 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -577,6 +577,7 @@ sub valout {
 		&date_sanity_info($value);
         } else {
             $result = $value;
+	    $result = &HTML::Entities::encode($result,'"<>&');
         }
     }
     return $result;
@@ -613,10 +614,16 @@ sub plink {
     my ($parmname)=((split(/\&/,$marker))[1]=~/\_([^\_]+)$/);
     my ($hour,$min,$sec,$val)=&preset_defaults($parmname);
     unless (defined($winvalue)) { $winvalue=$val; }
+    my $valout = &valout($value,$type,1);
+    foreach my $item (\$type, \$dis, \$winvalue, \$marker, \$return, \$call,
+		      \$hour, \$min, \$sec) {
+	$$item = &HTML::Entities::encode($$item,'"<>&');
+	$$item =~ s/\'/\\\'/g;
+    }
     return '<table width="100%"><tr valign="top" align="right"><td><a name="'.$marker.'" /></td></tr><tr><td align="center">'.
 	'<a href="javascript:pjump('."'".$type."','".$dis."','".$winvalue."','"
 	    .$marker."','".$return."','".$call."','".$hour."','".$min."','".$sec."'".');">'.
-		&valout($value,$type,1).'</a></td></tr></table>';
+	    $valout.'</a></td></tr></table>';
 }
 
 sub page_js {
@@ -1594,7 +1601,8 @@ sub assessparms {
     foreach ('tolerance','date_default','date_start','date_end',
 	     'date_interval','int','float','string') {
 	$r->print('<input type="hidden" value="'.
-		  $env{'form.recent_'.$_}.'" name="recent_'.$_.'" />');
+		  &HTML::Entities::encode($env{'form.recent_'.$_},'"&<>').
+		  '" name="recent_'.$_.'" />');
     }
                         
     if (!$pssymb) {