From 08aa01cb0ee9b2dd6403f753156d8b58d8e62145 Mon Sep 17 00:00:00 2001
From: Juan Rada-Vilela
Date: Mon, 13 Jul 2015 08:13:49 +1200
Subject: [PATCH 1/2] Fixes bug 485701: Angle brackets (< and >) not escaped in HTML formula alt text
---
 src/htmldocvisitor.cpp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/htmldocvisitor.cpp b/src/htmldocvisitor.cpp
index 99d6fddb808..d8913e11ee3 100644
--- a/src/htmldocvisitor.cpp
+++ b/src/htmldocvisitor.cpp
@@ -1902,6 +1902,8 @@ void HtmlDocVisitor::filterQuotedCdataAttr(const char* str)
 {
 case '&': m_t << "&"; break;
 case '"': m_t << """; break;
+ case '<': m_t << "<"; break;
+ case '>': m_t << ">"; break;
 // For SGML compliance, and given the SGML declaration for HTML syntax,
 // it's enough to replace these two, provided that the declaration
 // for the HTML version we generate (and as supported by the browser)
From 64adce8b82c332b3855cdfaaa71afc984ffc4ca9 Mon Sep 17 00:00:00 2001
From: Juan Rada-Vilela
Date: Fri, 24 Jul 2015 15:24:58 +1200
Subject: [PATCH 2/2] Bug 485701: Fixes angle brackets (< and >) not escaped in HTML formula alt text
---
 src/htmldocvisitor.cpp | 18 ------------------
 1 file changed, 18 deletions(-)
diff --git a/src/htmldocvisitor.cpp b/src/htmldocvisitor.cpp
index d8913e11ee3..0ce40302fde 100644
--- a/src/htmldocvisitor.cpp
+++ b/src/htmldocvisitor.cpp
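Review bot: The two cases added in the first patch's hunk (`case '<'` and `case '>'` in `HtmlDocVisitor::filterQuotedCdataAttr`) are displayed on this page writing the bare characters, which would behave the same as the `default:` branch. The entity names were probably lost when the page was rendered, so confirm that the committed lines read `case '<': m_t << "&lt;"; break;` and `case '>': m_t << "&gt;"; break;`. The switch still passes `'` through unchanged, which is only safe while every caller emits the value inside a double-quoted attribute. A one-line comment above the switch, such as `// value must be written inside a double-quoted attribute; ' is not escaped`, would record that assumption. The function body starts and ends outside this hunk.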
@@ -1904,24 +1904,6 @@ void HtmlDocVisitor::filterQuotedCdataAttr(const char* str)
 case '"': m_t << """; break;
 case '<': m_t << "<"; break;
 case '>': m_t << ">"; break;
- // For SGML compliance, and given the SGML declaration for HTML syntax,
- // it's enough to replace these two, provided that the declaration
- // for the HTML version we generate (and as supported by the browser)
- // specifies that all the other symbols used in rawVal are
- // within the right character class (i.e., they're not
- // some multinational weird characters not in the BASESET).
- // We assume that 1) the browser will support whatever is remaining
- // in the formula and 2) the TeX formulae are generally governed
- // by even stricter character restrictions so it should be enough.
- //
- // On some incompliant browsers, additional translation of
- // '>' and '<' into ">" and "<", respectively, might be needed;
- // but I'm unaware of particular modern (last 4 years) versions
- // with such problems, so let's not do it for performance.
- // Also, some brousers will (wrongly) not process the entity references
- // inside the attribute value and show the &...; form instead,
- // so we won't create entites unless necessary to minimize clutter there.
- // --vassilii
 default: m_t << c;
 }
 }