diff options
author | Eric Wong <e@80x24.org> | 2019-04-27 21:46:54 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2019-04-27 21:46:54 +0000 |
commit | 0cd78b139de44c9018d623d2004d65184fff3275 (patch) | |
tree | 3b08fda95724fae8399e59c1351314e240707be0 /lib/PublicInbox/ExtMsg.pm | |
parent | 0195eb10a0cb74ebe098b4596e8e78d0544df6fb (diff) | |
download | public-inbox-0cd78b139de44c9018d623d2004d65184fff3275.tar.gz |
We already escape the user-provided Message-IDs (so there's no security problem AFAIK), but the URL templates which exist in our source code were not escaped properly. This quiets down tidy(1).
Diffstat (limited to 'lib/PublicInbox/ExtMsg.pm')
-rw-r--r-- | lib/PublicInbox/ExtMsg.pm | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/PublicInbox/ExtMsg.pm b/lib/PublicInbox/ExtMsg.pm index 14d49cc5..d07d5a79 100644 --- a/lib/PublicInbox/ExtMsg.pm +++ b/lib/PublicInbox/ExtMsg.pm @@ -8,13 +8,13 @@ package PublicInbox::ExtMsg; use strict; use warnings; -use PublicInbox::Hval; +use PublicInbox::Hval qw/ascii_html/; use PublicInbox::MID qw/mid2path/; use PublicInbox::WwwStream; our $MIN_PARTIAL_LEN = 16; # TODO: user-configurable -our @EXT_URL = ( +our @EXT_URL = map { ascii_html($_) } ( # leading "//" denotes protocol-relative (http:// or https://) '//marc.info/?i=%s', '//www.mail-archive.com/search?l=mid&q=%s', |