tagging: Make sure the related stories output is properly HTML escaped.

diff --git a/xtaran/tagging b/xtaran/tagging
index 988f3229df56f33e02650ab308c700a74e4bf05c..336bcc52e2f2606db8c7a4703ab7fdd50de7cf19 100644 (file)
--- a/xtaran/tagging
+++ b/xtaran/tagging
@@ -328,9 +328,9 @@ sub story {
        my $shared_tags_list = join(', ', @{$other_stories{$other}});
        my $shared_tags_number = scalar(@{$other_stories{$other}});
 
-       my $attr_title = "$shared_tags_number $shared_tags_text: $shared_tags_list";
-
-       $related_stories .= qq($related_story_prefix<a href="$opath" class="$related_story_class" title="$attr_title">$title</a>);
+       my $attr_title = blosxom::blosxom_html_escape("$shared_tags_number $shared_tags_text: $shared_tags_list");
+       my $attr_href = blosxom::blosxom_html_escape($opath);
+       $related_stories .= qq($related_story_prefix<a href="$attr_href" class="$related_story_class" title="$attr_title">$title</a>);
 
        $related_stories .= ' (' 
            if $show_shared_tags || $show_number_of_shared_tags;
@@ -338,7 +338,7 @@ sub story {
            if $show_number_of_shared_tags;
        $related_stories .= $shared_tags_text
            if $show_shared_tags || $show_number_of_shared_tags;
-       $related_stories .= ": $shared_tags_list"
+       $related_stories .= blosxom::blosxom_html_escape(": $shared_tags_list")
            if $show_shared_tags;
        $related_stories .= ')'
            if $show_shared_tags || $show_number_of_shared_tags;