From 848567e3d8881dd1873c346567d5a03e0ddb7fa0 Mon Sep 17 00:00:00 2001
From: Matthijs Kooijman <matthijs@stdin.nl>
Date: Fri, 12 Mar 2010 21:01:10 +0100
Subject: [PATCH] tagging: Make sure the related stories output is properly
 HTML escaped.

---
 xtaran/tagging | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/xtaran/tagging b/xtaran/tagging
index 988f322..336bcc5 100644
--- a/xtaran/tagging
+++ b/xtaran/tagging
@@ -328,9 +328,9 @@ sub story {
 	my $shared_tags_list = join(', ', @{$other_stories{$other}});
 	my $shared_tags_number = scalar(@{$other_stories{$other}});
 
-	my $attr_title = "$shared_tags_number $shared_tags_text: $shared_tags_list";
-
-	$related_stories .= qq($related_story_prefix<a href="$opath" class="$related_story_class" title="$attr_title">$title</a>);
+	my $attr_title = blosxom::blosxom_html_escape("$shared_tags_number $shared_tags_text: $shared_tags_list");
+	my $attr_href = blosxom::blosxom_html_escape($opath);
+	$related_stories .= qq($related_story_prefix<a href="$attr_href" class="$related_story_class" title="$attr_title">$title</a>);
 
 	$related_stories .= ' (' 
 	    if $show_shared_tags || $show_number_of_shared_tags;
@@ -338,7 +338,7 @@ sub story {
 	    if $show_number_of_shared_tags;
 	$related_stories .= $shared_tags_text
 	    if $show_shared_tags || $show_number_of_shared_tags;
-	$related_stories .= ": $shared_tags_list"
+	$related_stories .= blosxom::blosxom_html_escape(": $shared_tags_list")
 	    if $show_shared_tags;
 	$related_stories .= ')'
 	    if $show_shared_tags || $show_number_of_shared_tags;
-- 
2.30.2