close a possible XSS hole

[ikiwiki.git] / templates / recentchanges.tmpl

diff --git a/templates/recentchanges.tmpl b/templates/recentchanges.tmpl
index dd061a06a88b987591f6f7487e4539abb7b1ee4c..f927cf62f4eb9549442f161dd75e4941e0d75764 100644 (file)
--- a/templates/recentchanges.tmpl
+++ b/templates/recentchanges.tmpl
@@ -30,7 +30,7 @@
 <TMPL_LOOP NAME="CHANGELOG">
        <!-- <TMPL_VAR NAME="REV"> -->
        <tr class="changeinfo">
-               <td class="changeinfo"><TMPL_VAR NAME="USER"></td>
+               <td class="changeinfo"><TMPL_VAR NAME="USER" ESCAPE="HTML"></td>
                <td class="changetime"><TMPL_VAR NAME="WHEN"></td>
                <td class="changeinfo">
                <TMPL_LOOP NAME="PAGES">
@@ -50,7 +50,7 @@
                <td class="changelog" colspan="4">
                        <TMPL_LOOP NAME="MESSAGE">
                                <TMPL_IF NAME="LINE">
-                                       <TMPL_VAR NAME="LINE"><br />
+                                       <TMPL_VAR NAME="LINE" ESCAPE="HTML"><br />
                                </TMPL_IF>
                        </TMPL_LOOP>
                </td>