From 6d305314f22836d75d45cdcfbf21c88174d3fc1b Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Tue, 30 Jul 2013 07:05:32 +0000 Subject: Correctly encode html in rss feed --- tmpl/advisory_item.rss | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'tmpl') diff --git a/tmpl/advisory_item.rss b/tmpl/advisory_item.rss index 244db78..99c73d8 100644 --- a/tmpl/advisory_item.rss +++ b/tmpl/advisory_item.rss @@ -1,6 +1,7 @@ +[%- USE HTML -%] [% SET advisory = advdb.advisories.$adv -%] - [% adv %] - [% advisory.subject %] + [% adv %] - [% HTML.escape(advisory.subject) %] [% config.site_url %]/[% basename.ID(adv) %].html [% adv %] [% date.format(advisory.status.published, format => '%a, %d %b %Y %H:%M:%S', gmt => 1) %] GMT @@ -30,13 +31,13 @@ <h2>Description</h2> <pre> - [%- advisory.description -%] + [%- HTML.escape(advisory.description) -%] </pre> <h2>References</h2> <ul> [% FOREACH ref IN advisory.references -%] - <li><a href="[% ref %]">[% ref %]</a></li> + <li><a href="[% HTML.escape(ref) %]">[% HTML.escape(ref) %]</a></li> [% END %] [%- IF advisory.CVE -%] [%- FOREACH cve IN advisory.CVE.list -%] -- cgit v1.2.1