From 39944454324b4c66b8cf2444cca17c149208dfac Mon Sep 17 00:00:00 2001
From: Thomas Lange <code@nerdmind.de>
Date: Mon, 24 Apr 2017 17:15:41 +0200
Subject: HTML escaping is required to prevent XML validation errors for some
 characters like "&".

---
 template/standard/html/feed/item_page.php | 2 +-
 template/standard/html/feed/item_post.php | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

(limited to 'template/standard')

diff --git a/template/standard/html/feed/item_page.php b/template/standard/html/feed/item_page.php
index ac3d197..f1a7a4d 100644
--- a/template/standard/html/feed/item_page.php
+++ b/template/standard/html/feed/item_page.php
@@ -13,7 +13,7 @@
 	<guid isPermaLink="false"><?=$PAGE['GUID']?></guid>
 	<pubDate><?=parseDatetime($PAGE['ATTR']['TIME_INSERT'], '[RFC2822]')?></pubDate>
 	<dc:creator><?=escapeHTML($USER['ATTR']['FULLNAME'])?></dc:creator>
-	<description><?=description($PAGE['BODY']['HTML'], 400)?></description>
+	<description><?=escapeHTML(description($PAGE['BODY']['HTML'], 400))?></description>
 	<content:encoded>
 		<![CDATA[
 			<?=$PAGE['BODY']['HTML']?>
diff --git a/template/standard/html/feed/item_post.php b/template/standard/html/feed/item_post.php
index fe59060..d645810 100644
--- a/template/standard/html/feed/item_post.php
+++ b/template/standard/html/feed/item_post.php
@@ -13,11 +13,10 @@
 	<guid isPermaLink="false"><?=$POST['GUID']?></guid>
 	<pubDate><?=parseDatetime($POST['ATTR']['TIME_INSERT'], '[RFC2822]')?></pubDate>
 	<dc:creator><?=escapeHTML($USER['ATTR']['FULLNAME'])?></dc:creator>
-	<description><?=description($POST['BODY']['HTML'], 400)?></description>
+	<description><?=escapeHTML(description($POST['BODY']['HTML'], 400))?></description>
 	<content:encoded>
 		<![CDATA[
 			<?=$POST['BODY']['HTML']?>
-			<p><small><strong>Kommentare:</strong> [<a href="https://keybase.io/nerdmind">0x33EB32A2</a>] blog&#64;nerdmind.de</small></p>
 		]]>
 	</content:encoded>
 	<?php foreach($POST['FILE']['LIST'] as $fileURL): ?>
-- 
cgit v1.2.3