neocgit

a more 'modern' version of cgit
Log | Files | Refs | Submodules | README | LICENSE | git clone https://git.ne02ptzero.me/git/neocgit

commit 1de6591159cfe2e0cb442d781c0a360e4928ccca
parent a45030f8ee10bc97ffcf1bf0061a2e6f22c7252a
Author: John Keeping <john@keeping.me.uk>
Date:   Sun, 12 Jan 2014 19:45:17 +0000

ui-repolist: HTML-escape cgit_rooturl() response

This is for consistency with other callers.  The value returned from
cgit_rooturl is not guaranteed to be HTML-safe.

Signed-off-by: John Keeping <john@keeping.me.uk>

Diffstat:
Mui-repolist.c | 4+++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ui-repolist.c b/ui-repolist.c @@ -106,7 +106,9 @@ static int is_in_url(struct cgit_repo *repo) static void print_sort_header(const char *title, const char *sort) { - htmlf("<th class='left'><a href='%s?s=%s", cgit_rooturl(), sort); + html("<th class='left'><a href='"); + html_attr(cgit_rooturl()); + htmlf("?s=%s", sort); if (ctx.qry.search) { html("&amp;q="); html_url_arg(ctx.qry.search);