ui-repolist: HTML-escape cgit_rooturl() response This is for consistency with other callers. The value returned from cgit_rooturl is not guaranteed to be HTML-safe. Signed-off-by: John Keeping <john@keeping.me.uk>
John Keeping john@keeping.me.uk
Sun, 12 Jan 2014 19:45:17 +0000
1 files changed,
3 insertions(+),
1 deletions(-)
jump to
M
ui-repolist.c
→
ui-repolist.c
@@ -106,7 +106,9 @@ }
static void print_sort_header(const char *title, const char *sort) { - htmlf("<th class='left'><a href='%s?s=%s", cgit_rooturl(), sort); + html("<th class='left'><a href='"); + html_attr(cgit_rooturl()); + htmlf("?s=%s", sort); if (ctx.qry.search) { html("&q="); html_url_arg(ctx.qry.search);