diff options
| author |  John Keeping <john@keeping.me.uk> | 2014-01-13 04:45:17 (JST) |
|---|---|---|
| committer |  Jason A. Donenfeld <Jason@zx2c4.com> | 2014-01-13 07:02:41 (JST) |
| commit | 1de6591159cfe2e0cb442d781c0a360e4928ccca (patch) | |
| tree | f7679cd58126d3e41fc2a6e70cd49a47d3fb7f88 | |
| parent | a45030f8ee10bc97ffcf1bf0061a2e6f22c7252a (diff) | |
| download | cgit-1de6591159cfe2e0cb442d781c0a360e4928ccca.zip cgit-1de6591159cfe2e0cb442d781c0a360e4928ccca.tar.gz | |
ui-repolist: HTML-escape cgit_rooturl() response
This is for consistency with other callers. The value returned from
cgit_rooturl is not guaranteed to be HTML-safe.
Signed-off-by: John Keeping <john@keeping.me.uk>
| -rw-r--r-- | ui-repolist.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ui-repolist.c b/ui-repolist.c index f622a01..7b1fec3 100644 --- a/ui-repolist.c +++ b/ui-repolist.c | |||
| @@ -106,7 +106,9 @@ static int is_in_url(struct cgit_repo *repo) | |||
| 106 | 106 | ||
| 107 | static void print_sort_header(const char *title, const char *sort) | 107 | static void print_sort_header(const char *title, const char *sort) |
| 108 | { | 108 | { |
| 109 | htmlf("<th class='left'><a href='%s?s=%s", cgit_rooturl(), sort); | 109 | html("<th class='left'><a href='"); |
| 110 | html_attr(cgit_rooturl()); | ||
| 111 | htmlf("?s=%s", sort); | ||
| 110 | if (ctx.qry.search) { | 112 | if (ctx.qry.search) { |
| 111 | html("&q="); | 113 | html("&q="); |
| 112 | html_url_arg(ctx.qry.search); | 114 | html_url_arg(ctx.qry.search); |