From 0a88db50d6a6c9c1917c4e7a6e67a467d2b5f84b Mon Sep 17 00:00:00 2001
From: conradverm <conradverm@c91229c3-7414-0410-bfa2-8a42b809f60b>
Date: Fri, 13 Jul 2007 15:05:43 +0000
Subject: [PATCH] KTS-2178 "cross site scripting" Updated.

---
 plugins/rssplugin/templates/RSSPlugin/dashlet.smarty | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty b/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty
index a0b5a8c..a68f89c 100644
--- a/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty
+++ b/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty
@@ -9,13 +9,13 @@
 		{/if}
 		{if $feedlist}
 		{section name=feed loop=$feedlist}
-		<option value='{$feedlist[feed].url}'>{$feedlist[feed].title}</option>
+		<option value='{$feedlist[feed].url}'>{$feedlist[feed].title|sanitize}</option>
 		{/section}
 		{/if}
 	</select>
 	{if ($action.url)}<a href="{$action.url}"
-{if $action.description}title="{$action.description}"{/if}
-     >{$action.name}</a>{else}{$action.name}{/if}
+{if $action.description}title="{$action.description|sanitize}"{/if}
+     >{$action.name}</a>{else}{$action.name|sanitize}{/if}
 	</form>
 	{/if}
 </div>
@@ -26,7 +26,7 @@
 		<table width='90%'>
 		    {section name=i start=0 loop=$itemcount}
 			<tr>
-				<td><strong><a href='{$internalrss.items[i].link}'>{$internalrss.items[i].title}</a><strong></td>
+				<td><strong><a href='{$internalrss.items[i].link}'>{$internalrss.items[i].title|sanitize}</a><strong></td>
 			</tr>
 			<tr>
 				<td>{$internalrss.items[i].description}</td>
--
libgit2 0.21.4


{$internalrss.items[i].title}	{$internalrss.items[i].title\|sanitize}
{$internalrss.items[i].description}