diff options
| author |   Hiltjo Posthuma <[email protected]> | 2021-11-16 11:44:23 +0100 |
|---|---|---|
| committer | Hiltjo Posthuma <[email protected]> | 2021-11-16 11:44:23 +0100 |
| commit | 961cf0f9d86e1e043d80398e4a71d218c28123a0 (patch) | |
| tree | b9be1a8c7bfc23e046e4e777f058a6747c90b841 | |
| parent | 1b6a24c893866a604d9b7bc425f9b23706f39912 (diff) | |
| download | stagit-961cf0f9d86e1e043d80398e4a71d218c28123a0.tar.gz stagit-961cf0f9d86e1e043d80398e4a71d218c28123a0.zip | |
encode the name, it could contain XML entities
Like ", which would unquote the attribute value. Crazy but true.
| -rw-r--r-- | stagit.c | 10 |
1 files changed, 6 insertions, 4 deletions
@@ -480,10 +480,12 @@ writeheader(FILE *fp, const char *title) fputs(" - ", fp); xmlencode(fp, description, strlen(description)); fprintf(fp, "</title>\n<link rel=\"icon\" type=\"image/png\" href=\"%sfavicon.png\" />\n", relpath); - fprintf(fp, "<link rel=\"alternate\" type=\"application/atom+xml\" title=\"%s Atom Feed\" href=\"%satom.xml\" />\n", - name, relpath); - fprintf(fp, "<link rel=\"alternate\" type=\"application/atom+xml\" title=\"%s Atom Feed (tags)\" href=\"%stags.xml\" />\n", - name, relpath); + fputs("<link rel=\"alternate\" type=\"application/atom+xml\" title=\"", fp); + xmlencode(fp, name, strlen(name)); + fprintf(fp, " Atom Feed\" href=\"%satom.xml\" />\n", relpath); + fputs("<link rel=\"alternate\" type=\"application/atom+xml\" title=\"", fp); + xmlencode(fp, name, strlen(name)); + fprintf(fp, " Atom Feed (tags)\" href=\"%stags.xml\" />\n", relpath); fprintf(fp, "<link rel=\"stylesheet\" type=\"text/css\" href=\"%sstyle.css\" />\n", relpath); fputs("</head>\n<body>\n<table><tr><td>", fp); fprintf(fp, "<a href=\"../%s\"><img src=\"%slogo.png\" alt=\"\" width=\"32\" height=\"32\" /></a>", |