aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar John Keeping <john@keeping.me.uk>2014-01-13 04:45:17 (JST)
committerGravatar Jason A. Donenfeld <Jason@zx2c4.com>2014-01-13 07:02:41 (JST)
commit1de6591159cfe2e0cb442d781c0a360e4928ccca (patch)
treef7679cd58126d3e41fc2a6e70cd49a47d3fb7f88
parenta45030f8ee10bc97ffcf1bf0061a2e6f22c7252a (diff)
downloadcgit-1de6591159cfe2e0cb442d781c0a360e4928ccca.zip
cgit-1de6591159cfe2e0cb442d781c0a360e4928ccca.tar.gz
ui-repolist: HTML-escape cgit_rooturl() response
This is for consistency with other callers. The value returned from cgit_rooturl is not guaranteed to be HTML-safe. Signed-off-by: John Keeping <john@keeping.me.uk>
-rw-r--r--ui-repolist.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/ui-repolist.c b/ui-repolist.c
index f622a01..7b1fec3 100644
--- a/ui-repolist.c
+++ b/ui-repolist.c
@@ -106,7 +106,9 @@ static int is_in_url(struct cgit_repo *repo)
106 106
107static void print_sort_header(const char *title, const char *sort) 107static void print_sort_header(const char *title, const char *sort)
108{ 108{
109 htmlf("<th class='left'><a href='%s?s=%s", cgit_rooturl(), sort); 109 html("<th class='left'><a href='");
110 html_attr(cgit_rooturl());
111 htmlf("?s=%s", sort);
110 if (ctx.qry.search) { 112 if (ctx.qry.search) {
111 html("&amp;q="); 113 html("&amp;q=");
112 html_url_arg(ctx.qry.search); 114 html_url_arg(ctx.qry.search);