From: Michael Andreen
Date: Mon, 29 Jan 2007 22:13:03 +0000 (+0000)
Subject: escape previews
X-Git-Url: https://ruin.nu/git/?a=commitdiff_plain;h=4edb40adc7df316354ceb81df34ce5084276e3ca;p=ndwebbie.git
escape previews
---
diff --git a/ND/Web/Forum.pm b/ND/Web/Forum.pm
index 76adfb2..a780474 100644
--- a/ND/Web/Forum.pm
+++ b/ND/Web/Forum.pm
@@ -58,7 +58,7 @@ ORDER BY fp.time ASC
 my $text = parseMarkup(escapeHTML(param('message')));
 $text .= p b $@ if $@;
 push @posts,{message => $text, unread => 1, username => 'PREVIEW', Time => 'Not submitted yet', NewPosts => $old ? 1 : 0};
- $template->param(Message => param('message'));
+ $template->param(Message => escapeHTML param('message'));
 }
 $template->param(Posts => \@posts);
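Review bot: On the added `$template->param(Message => escapeHTML param('message'));` line, `param('message')` is evaluated in list context and `escapeHTML` is called without parentheses, so a request that repeats the `message` field hands every value to `escapeHTML` as extra arguments instead of one string. Assuming these are the CGI.pm functions, force a single value and make the call boundary explicit: `$template->param(Message => escapeHTML(scalar param('message')));`; the context line that builds `$text` has the same list-context call. The context line `$text .= p b $@ if $@;` still appends the error text to the preview unescaped, which matters if the markup parser's error message can echo part of the submitted message, so `escapeHTML($@)` there would close the same gap. The enclosing block starts above the hunk, so where `$@` is set is not visible here.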