aboutsummaryrefslogtreecommitdiffstats
path: root/template/standard/html/feed/item_post.php
diff options
context:
space:
mode:
authorThomas Lange <code@nerdmind.de>2017-04-24 17:15:41 +0200
committerThomas Lange <code@nerdmind.de>2017-04-24 17:15:41 +0200
commit39944454324b4c66b8cf2444cca17c149208dfac (patch)
tree69a3296ef2a7edee6a65dcce52d50530a6f51aac /template/standard/html/feed/item_post.php
parent1269b210f28591b3fda52ecc41b9d7bf1e598555 (diff)
downloadblog-39944454324b4c66b8cf2444cca17c149208dfac.tar.gz
blog-39944454324b4c66b8cf2444cca17c149208dfac.tar.xz
blog-39944454324b4c66b8cf2444cca17c149208dfac.zip
HTML escaping is required to prevent XML validation errors for some characters like "&".
Diffstat (limited to 'template/standard/html/feed/item_post.php')
-rw-r--r--template/standard/html/feed/item_post.php3
1 files changed, 1 insertions, 2 deletions
diff --git a/template/standard/html/feed/item_post.php b/template/standard/html/feed/item_post.php
index fe59060..d645810 100644
--- a/template/standard/html/feed/item_post.php
+++ b/template/standard/html/feed/item_post.php
@@ -13,11 +13,10 @@
<guid isPermaLink="false"><?=$POST['GUID']?></guid>
<pubDate><?=parseDatetime($POST['ATTR']['TIME_INSERT'], '[RFC2822]')?></pubDate>
<dc:creator><?=escapeHTML($USER['ATTR']['FULLNAME'])?></dc:creator>
- <description><?=description($POST['BODY']['HTML'], 400)?></description>
+ <description><?=escapeHTML(description($POST['BODY']['HTML'], 400))?></description>
<content:encoded>
<![CDATA[
<?=$POST['BODY']['HTML']?>
- <p><small><strong>Kommentare:</strong> [<a href="https://keybase.io/nerdmind">0x33EB32A2</a>] blog&#64;nerdmind.de</small></p>
]]>
</content:encoded>
<?php foreach($POST['FILE']['LIST'] as $fileURL): ?>