Fix JavaScript injection through page title

HakanS · Jul 28, 2012 · 494874c · 494874c
1 parent 2569748
commit 494874c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/syntax.php b/syntax.php
@@ -169,7 +169,7 @@ function _getTagXml($options) {
             }
 
             $fsize = 8 + round(($size-$min)/$delta);
-            $xmlCloude .= '<a href="' .$link . '" class="' . $class .'"' .' title="' . $title . '" style="font-size: '. $fsize .'pt;">' . $name . '</a>' . DOKU_LF;
+            $xmlCloude .= '<a href="' .$link . '" class="' . $class .'"' .' title="' . $title . '" style="font-size: '. $fsize .'pt;">' . hsc($name) . '</a>' . DOKU_LF;
         }
         return $xmlCloude;
     }