diff options
author | Thomas Lange <code@nerdmind.de> | 2017-04-24 17:15:41 +0200 |
---|---|---|
committer | Thomas Lange <code@nerdmind.de> | 2017-04-24 17:15:41 +0200 |
commit | 39944454324b4c66b8cf2444cca17c149208dfac (patch) | |
tree | 69a3296ef2a7edee6a65dcce52d50530a6f51aac /template/standard/html | |
parent | 1269b210f28591b3fda52ecc41b9d7bf1e598555 (diff) | |
download | blog-39944454324b4c66b8cf2444cca17c149208dfac.tar.gz blog-39944454324b4c66b8cf2444cca17c149208dfac.tar.xz blog-39944454324b4c66b8cf2444cca17c149208dfac.zip |
HTML escaping is required to prevent XML validation errors for some characters like "&".
Diffstat (limited to 'template/standard/html')
-rw-r--r-- | template/standard/html/feed/item_page.php | 2 | ||||
-rw-r--r-- | template/standard/html/feed/item_post.php | 3 |
2 files changed, 2 insertions, 3 deletions
diff --git a/template/standard/html/feed/item_page.php b/template/standard/html/feed/item_page.php index ac3d197..f1a7a4d 100644 --- a/template/standard/html/feed/item_page.php +++ b/template/standard/html/feed/item_page.php @@ -13,7 +13,7 @@ <guid isPermaLink="false"><?=$PAGE['GUID']?></guid> <pubDate><?=parseDatetime($PAGE['ATTR']['TIME_INSERT'], '[RFC2822]')?></pubDate> <dc:creator><?=escapeHTML($USER['ATTR']['FULLNAME'])?></dc:creator> - <description><?=description($PAGE['BODY']['HTML'], 400)?></description> + <description><?=escapeHTML(description($PAGE['BODY']['HTML'], 400))?></description> <content:encoded> <![CDATA[ <?=$PAGE['BODY']['HTML']?> diff --git a/template/standard/html/feed/item_post.php b/template/standard/html/feed/item_post.php index fe59060..d645810 100644 --- a/template/standard/html/feed/item_post.php +++ b/template/standard/html/feed/item_post.php @@ -13,11 +13,10 @@ <guid isPermaLink="false"><?=$POST['GUID']?></guid> <pubDate><?=parseDatetime($POST['ATTR']['TIME_INSERT'], '[RFC2822]')?></pubDate> <dc:creator><?=escapeHTML($USER['ATTR']['FULLNAME'])?></dc:creator> - <description><?=description($POST['BODY']['HTML'], 400)?></description> + <description><?=escapeHTML(description($POST['BODY']['HTML'], 400))?></description> <content:encoded> <![CDATA[ <?=$POST['BODY']['HTML']?> - <p><small><strong>Kommentare:</strong> [<a href="https://keybase.io/nerdmind">0x33EB32A2</a>] blog@nerdmind.de</small></p> ]]> </content:encoded> <?php foreach($POST['FILE']['LIST'] as $fileURL): ?> |