38990114981b7e195d33206edd471797038c6557
galt
  Thu Aug 18 11:16:36 2016 -0700
Fixing XSS. Changed output from just printf to warn() which gets properly encoded output.

diff --git src/hg/hgc/hgc.c src/hg/hgc/hgc.c
index 8c21f75..017d98e 100644
--- src/hg/hgc/hgc.c
+++ src/hg/hgc/hgc.c
@@ -26271,31 +26271,31 @@
 else if (tdb != NULL && startsWithWord("vcfTabix", tdb->type))
     {
     doVcfTabixDetails(tdb, item);
     }
 else if (tdb != NULL && startsWithWord("vcf", tdb->type))
     {
     doVcfDetails(tdb, item);
     }
 else if (tdb != NULL)
     {
     genericClickHandler(tdb, item, NULL);
     }
 else
     {
     cartWebStart(cart, database, "%s", track);
-    printf("Sorry, clicking there doesn't do anything yet (%s).", track);
+    warn("Sorry, clicking there doesn't do anything yet (%s).", track);
     }
 /* End of 1000+ line dispatch on table involving 100+ if/elses. */
 
 cartHtmlEnd();
 }
 
 struct hash *orgDbHash = NULL;
 
 void initOrgDbHash()
 /* Function to initialize a hash of organism names that hash to a database ID.
  * This is used to show alignments by hashing the organism associated with the
  * track to the database name where the chromInfo is stored. For example, the
  * mousBlat track in the human browser would hash to the mm2 database. */
 {
 orgDbHash = hashNew(8);