summaryrefslogtreecommitdiff
path: root/IkiWiki
diff options
context:
space:
mode:
authorjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-06-02 06:11:22 +0000
committerjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-06-02 06:11:22 +0000
commit54541869392f162bb195b8b67814ef0a394c1961 (patch)
treec12d1ef5312bc69657075d4ff769f3239aa394ea /IkiWiki
parent03867bf323fda5d582a53341f8f1a0a3460d76d6 (diff)
meta headers are not sanitised; prevent html leaking into them
Diffstat (limited to 'IkiWiki')
-rw-r--r--IkiWiki/Plugin/meta.pm10
1 files changed, 6 insertions, 4 deletions
diff --git a/IkiWiki/Plugin/meta.pm b/IkiWiki/Plugin/meta.pm
index 8244cf718..41d096e0e 100644
--- a/IkiWiki/Plugin/meta.pm
+++ b/IkiWiki/Plugin/meta.pm
@@ -27,11 +27,13 @@ sub preprocess (@) { #{{{
my $page=$params{page};
delete $params{page};
+ eval q{use CGI 'escapeHTML'};
+
if ($key eq 'link') {
if (%params) {
$meta{$page}='' unless exists $meta{$page};
- $meta{$page}.="<link href=\"$value\" ".
- join(" ", map { "$_=\"$params{$_}\"" } keys %params).
+ $meta{$page}.="<link href=\"".escapeHTML($value)."\" ".
+ join(" ", map { escapeHTML("$_=\"$params{$_}\"") } keys %params).
" />\n";
}
else {
@@ -40,11 +42,11 @@ sub preprocess (@) { #{{{
}
}
elsif ($key eq 'title') {
- $title{$page}=$value;
+ $title{$page}=escapeHTML($value);
}
else {
$meta{$page}='' unless exists $meta{$page};
- $meta{$page}.="<meta name=\"$key\" content=\"$value\" />\n";
+ $meta{$page}.="<meta name=\"".escapeHTML($key)."\" content=\"".escapeHTML($value)."\" />\n";
}
return "";