authorNicolas Vigier <boklm@mageia.org>2013-07-30 07:05:32 +0000
committerNicolas Vigier <boklm@mageia.org>2013-07-30 07:05:32 +0000
commit6d305314f22836d75d45cdcfbf21c88174d3fc1b (patch)
tree8a29c34666e09edb84fae80859c6182da02f5ac8 /tmpl
parentf1e11203fc66fa9d3f8503b3db4266fe00edb63b (diff)
Correctly encode html in rss feed
Diffstat (limited to 'tmpl')
-rw-r--r--tmpl/advisory_item.rss7
1 files changed, 4 insertions, 3 deletions
diff --git a/tmpl/advisory_item.rss b/tmpl/advisory_item.rss
index 244db78..99c73d8 100644
--- a/tmpl/advisory_item.rss
+++ b/tmpl/advisory_item.rss
@@ -1,6 +1,7 @@
+[%- USE HTML -%]
[% SET advisory = advdb.advisories.$adv -%]
<item>
- <title>[% adv %] - [% advisory.subject %]</title>
+ <title>[% adv %] - [% HTML.escape(advisory.subject) %]</title>
<link>[% config.site_url %]/[% basename.ID(adv) %].html</link>
<guid isPermaLink="false">[% adv %]</guid>
<pubDate>[% date.format(advisory.status.published, format => '%a, %d %b %Y %H:%M:%S', gmt => 1) %] GMT</pubDate>
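Review bot: The single `HTML.escape(advisory.subject)` in `<title>` keeps the XML well-formed, but a feed reader that renders the RSS title as HTML will decode it back to markup, and the same one-level escaping is a clearer problem in the `@@ -30,13 +31,13 @@` hunk. There the template's own markup is already entity-encoded (`&lt;pre&gt;`, `&lt;a href=...&gt;`), so once the XML layer is decoded the description and reference values are parsed as HTML rather than text; an advisory that quotes a tag such as `<script>` would be rendered instead of shown. Those values need escaping once for the embedded HTML and once for XML, e.g. `[%- HTML.escape(HTML.escape(advisory.description)) -%]`, and the same for both uses of `ref`. Because `ref` ends up in an `href`, it is also worth checking that it starts with `http://` or `https://` before emitting the link. The second hunk continues past the visible lines and the enclosing element is not shown, so this assumes a plain `<description>` element and not a CDATA section.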
@@ -30,13 +31,13 @@
&lt;h2&gt;Description&lt;/h2&gt;
&lt;pre&gt;
- [%- advisory.description -%]
+ [%- HTML.escape(advisory.description) -%]
&lt;/pre&gt;
&lt;h2&gt;References&lt;/h2&gt;
&lt;ul&gt;
[% FOREACH ref IN advisory.references -%]
- &lt;li&gt;&lt;a href="[% ref %]"&gt;[% ref %]&lt;/a&gt;&lt;/li&gt;
+ &lt;li&gt;&lt;a href="[% HTML.escape(ref) %]"&gt;[% HTML.escape(ref) %]&lt;/a&gt;&lt;/li&gt;
[% END %]
[%- IF advisory.CVE -%]
[%- FOREACH cve IN advisory.CVE.list -%]