author | Nicolas Vigier <boklm@mageia.org> | 2013-07-30 07:05:32 +0000 |
---|---|---|
committer | Nicolas Vigier <boklm@mageia.org> | 2013-07-30 07:05:32 +0000 |
commit | 6d305314f22836d75d45cdcfbf21c88174d3fc1b (patch) | |
tree | 8a29c34666e09edb84fae80859c6182da02f5ac8 | |
parent | f1e11203fc66fa9d3f8503b3db4266fe00edb63b (diff) | |
Correctly encode html in rss feed
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | tmpl/advisory_item.rss | 7 |
2 files changed, 7 insertions, 3 deletions
@@ -1,3 +1,6 @@ + +- correctly encode html in rss feed + Version 0.14 - set ENCODING when creating templates diff --git a/tmpl/advisory_item.rss b/tmpl/advisory_item.rss index 244db78..99c73d8 100644 --- a/tmpl/advisory_item.rss +++ b/tmpl/advisory_item.rss @@ -1,6 +1,7 @@ +[%- USE HTML -%] [% SET advisory = advdb.advisories.$adv -%] <item> - <title>[% adv %] - [% advisory.subject %]</title> + <title>[% adv %] - [% HTML.escape(advisory.subject) %]</title> <link>[% config.site_url %]/[% basename.ID(adv) %].html</link> <guid isPermaLink="false">[% adv %]</guid> <pubDate>[% date.format(advisory.status.published, format => '%a, %d %b %Y %H:%M:%S', gmt => 1) %] GMT</pubDate> @@ -30,13 +31,13 @@ <h2>Description</h2> <pre> - [%- advisory.description -%] + [%- HTML.escape(advisory.description) -%] </pre> <h2>References</h2> <ul> [% FOREACH ref IN advisory.references -%] - <li><a href="[% ref %]">[% ref %]</a></li> + <li><a href="[% HTML.escape(ref) %]">[% HTML.escape(ref) %]</a></li> [% END %] [%- IF advisory.CVE -%] [%- FOREACH cve IN advisory.CVE.list -%] |
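Review bot: In the References loop of the second tmpl/advisory_item.rss hunk, `HTML.escape(ref)` keeps a reference from breaking out of the `href` attribute but does not restrict the URL scheme. A `javascript:` or `data:` value would still be emitted as a live link for any feed reader that renders the item HTML. Whether advisory.references is validated when the advisory is loaded is not visible here; if it is not, guard the link with `[% IF ref.match('^https?://') %]` and print non-matching values as escaped plain text inside the `<li>`. In the first hunk, `[% adv %]` in the title and guid is still emitted unescaped, and the CVE loop at the end of the second hunk continues outside the visible lines. Both presumably hold constrained identifiers, but escaping them too would make the template consistent.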