mirror of
https://git.zx2c4.com/cgit
synced 2024-11-22 16:38:42 +00:00
ui-repolist: HTML-escape cgit_rooturl() response
This is for consistency with other callers. The value returned from cgit_rooturl is not guaranteed to be HTML-safe. Signed-off-by: John Keeping <john@keeping.me.uk>
This commit is contained in:
parent
a45030f8ee
commit
1de6591159
@ -106,7 +106,9 @@ static int is_in_url(struct cgit_repo *repo)
|
|||||||
|
|
||||||
static void print_sort_header(const char *title, const char *sort)
|
static void print_sort_header(const char *title, const char *sort)
|
||||||
{
|
{
|
||||||
htmlf("<th class='left'><a href='%s?s=%s", cgit_rooturl(), sort);
|
html("<th class='left'><a href='");
|
||||||
|
html_attr(cgit_rooturl());
|
||||||
|
htmlf("?s=%s", sort);
|
||||||
if (ctx.qry.search) {
|
if (ctx.qry.search) {
|
||||||
html("&q=");
|
html("&q=");
|
||||||
html_url_arg(ctx.qry.search);
|
html_url_arg(ctx.qry.search);
|
||||||
|
Loading…
Reference in New Issue
Block a user