* Fix a few bugs around page titles containing html. The worst of these

is an actual security hole as it allows insertion of html into the title element of a page, which is not processed by the htmlscrubber.
author: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2007-03-21 06:05:21 +0000
committer: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2007-03-21 06:05:21 +0000
commit: 1c65ca492295e754dfd9986f91b08eb0876d09b9 (patch)
tree: f5ef8f767cf58055381e730e88a56f30ffa586b6 /templates
parent: 9bf29d60b2b44c16e9c3aaf1f4ff78a694f3c194 (diff)
4 files changed, 6 insertions, 6 deletions
diff --git a/templates/archivepage.tmpl b/templates/archivepage.tmpl
index 6bc789dfb..7e8b8b8fc 100644
--- a/templates/archivepage.tmpl
+++ b/templates/archivepage.tmpl
@@ -1,5 +1,5 @@
 <p>
-<a href="<TMPL_VAR PAGEURL>"><TMPL_VAR TITLE></a><br />
+<a href="<TMPL_VAR PAGEURL>"><TMPL_VAR TITLE ESCAPE=HTML></a><br />
 <i>
 Posted <TMPL_VAR CTIME>
 </i>
diff --git a/templates/inlinepage.tmpl b/templates/inlinepage.tmpl
index 0317c248c..f1f21d4be 100644
--- a/templates/inlinepage.tmpl
+++ b/templates/inlinepage.tmpl
@@ -10,9 +10,9 @@
 </TMPL_IF>
 <span class="header">
 <TMPL_IF NAME="PERMALINK">
-<a href="<TMPL_VAR PERMALINK>"><TMPL_VAR TITLE></a>
+<a href="<TMPL_VAR PERMALINK>"><TMPL_VAR TITLE ESCAPE=HTML></a>
 <TMPL_ELSE>
-<a href="<TMPL_VAR PAGEURL>"><TMPL_VAR TITLE></a>
+<a href="<TMPL_VAR PAGEURL>"><TMPL_VAR TITLE ESCAPE=HTML></a>
 </TMPL_IF>
 </span>
 <TMPL_VAR CONTENT>
diff --git a/templates/page.tmpl b/templates/page.tmpl
index 471ed1a7d..2c28a68f5 100644
--- a/templates/page.tmpl
+++ b/templates/page.tmpl
@@ -3,7 +3,7 @@
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<title><TMPL_VAR TITLE></title>
+<title><TMPL_VAR TITLE ESCAPE=HTML></title>
 <link rel="stylesheet" href="<TMPL_VAR BASEURL>style.css" type="text/css" />
 <link rel="stylesheet" href="<TMPL_VAR BASEURL>local.css" type="text/css" />
 <TMPL_IF NAME="FAVICON">
@@ -19,7 +19,7 @@
 <TMPL_LOOP NAME="PARENTLINKS">
 <a href="<TMPL_VAR NAME=URL>"><TMPL_VAR NAME=PAGE></a>/ 
 </TMPL_LOOP>
-<TMPL_VAR TITLE>
+<TMPL_VAR TITLE ESCAPE=HTML>
 </span>
 <TMPL_IF NAME="SEARCHFORM">
 <TMPL_VAR SEARCHFORM>
diff --git a/templates/titlepage.tmpl b/templates/titlepage.tmpl
index f5cd5bc53..0676a098e 100644
--- a/templates/titlepage.tmpl
+++ b/templates/titlepage.tmpl
@@ -1 +1 @@
-<p><a href="<TMPL_VAR PAGEURL>"><TMPL_VAR TITLE></a></p>
+<p><a href="<TMPL_VAR PAGEURL>"><TMPL_VAR TITLE ESCAPE=HTML></a></p>
author	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2007-03-21 06:05:21 +0000
committer	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2007-03-21 06:05:21 +0000
commit	1c65ca492295e754dfd9986f91b08eb0876d09b9 (patch)
tree	f5ef8f767cf58055381e730e88a56f30ffa586b6 /templates
parent	9bf29d60b2b44c16e9c3aaf1f4ff78a694f3c194 (diff)