Skip to content

Commit

Permalink
Fix #12545: Escape RSS URL before outputting it to XHTML
Browse files Browse the repository at this point in the history 
main_page.php sets an RSS URL via a <link> tag to link to the RSS feed
of the latest news. The RSS URL should be escaped prior to being
inserted into the XHTML output so that the output remains well formed.
  • Loading branch information
@davidhicks
davidhicks committed Nov 20, 2010
1 parent c75e5d3 commit 9761150
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion core/html_api.php
View file
Expand Up @@ -146,7 +146,7 @@ function html_rss_link() {
global $g_rss_feed_url;

if( $g_rss_feed_url !== null ) {
echo '<link rel="alternate" type="application/rss+xml" title="RSS" href="', $g_rss_feed_url, '" />';
echo '<link rel="alternate" type="application/rss+xml" title="RSS" href="' . string_attribute( $g_rss_feed_url ) . "\" />\n";
}
}

Expand Down

0 comments on commit 9761150

Please sign in to comment.