From: Matthijs Kooijman <matthijs@stdin.nl>
Date: Fri, 12 Mar 2010 20:01:10 +0000 (+0100)
Subject: tagging: Make sure the related stories output is properly HTML escaped.
X-Git-Url: https://git.stderr.nl/gitweb?p=matthijs%2Fupstream%2Fblosxom-plugins.git;a=commitdiff_plain;h=848567e3d8881dd1873c346567d5a03e0ddb7fa0

tagging: Make sure the related stories output is properly HTML escaped.
---

diff --git a/xtaran/tagging b/xtaran/tagging
index 988f322..336bcc5 100644
--- a/xtaran/tagging
+++ b/xtaran/tagging
@@ -328,9 +328,9 @@ sub story {
 	my $shared_tags_list = join(', ', @{$other_stories{$other}});
 	my $shared_tags_number = scalar(@{$other_stories{$other}});
 
-	my $attr_title = "$shared_tags_number $shared_tags_text: $shared_tags_list";
-
-	$related_stories .= qq($related_story_prefix<a href="$opath" class="$related_story_class" title="$attr_title">$title</a>);
+	my $attr_title = blosxom::blosxom_html_escape("$shared_tags_number $shared_tags_text: $shared_tags_list");
+	my $attr_href = blosxom::blosxom_html_escape($opath);
+	$related_stories .= qq($related_story_prefix<a href="$attr_href" class="$related_story_class" title="$attr_title">$title</a>);
 
 	$related_stories .= ' (' 
 	    if $show_shared_tags || $show_number_of_shared_tags;
@@ -338,7 +338,7 @@ sub story {
 	    if $show_number_of_shared_tags;
 	$related_stories .= $shared_tags_text
 	    if $show_shared_tags || $show_number_of_shared_tags;
-	$related_stories .= ": $shared_tags_list"
+	$related_stories .= blosxom::blosxom_html_escape(": $shared_tags_list")
 	    if $show_shared_tags;
 	$related_stories .= ')'
 	    if $show_shared_tags || $show_number_of_shared_tags;