diff --git a/lib/Comics.pm b/lib/Comics.pm
index 634784d..6b583cd 100644
--- a/lib/Comics.pm
+++ b/lib/Comics.pm
@@ -12,6 +12,7 @@ use strict;
 use warnings;
 use utf8;
 use Carp;
+use HTML::Entities;
 package Comics;
@@ -457,7 +458,7 @@ sub statmsg {
 for ( @{ $stats->{fail} } ) {
 my $t = $_->[1];
 $t =~ s/ at .*//s;
- $res .= $_->[0] . " ($t) ";
+ $res .= encode_entities($_->[0]) . " ($t) ";
 }
 $res .= "\">$fail fail";
 }
diff --git a/lib/Comics/Plugin/Base.pm b/lib/Comics/Plugin/Base.pm
index 97f37df..72ae686 100644
--- a/lib/Comics/Plugin/Base.pm
+++ b/lib/Comics/Plugin/Base.pm
@@ -58,6 +58,8 @@ The tag is used to generate file names for images and HTML fragments.
 =cut
+use HTML::Entities;
+
 sub register {
 my ( $pkg, $init ) = @_;
@@ -114,24 +116,28 @@ sub html { my $res = qq{\n} . - qq{ \n} . + qq{
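Review bot: `use HTML::Entities;` is added above `package Comics;`, so `encode_entities` is exported into whichever package is current at that point (`main`, unless an earlier package statement sits outside the hunk) rather than into `Comics`. Assuming `statmsg` is compiled in package `Comics`, the call this commit adds there would resolve to `Comics::encode_entities` and die with an undefined-subroutine error the first time a failure is reported. Move the import below the package line, or call it fully qualified as `HTML::Entities::encode_entities(...)`.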
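Review bot: In the `statmsg` hunk only the comic name `$_->[0]` is encoded; `$t`, the failure message with its ` at ...` suffix stripped, is still concatenated raw into the same string, which the following `\">` line suggests is an attribute value. Error text can carry quotes or angle brackets, for instance when it echoes a remote response or URL, so the attribute can still be closed early by that part. Encode it as well, e.g. `" (" . encode_entities($t) . ")"`. The body of `statmsg` starts and ends outside the hunk.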

\n} . qq{ \n \n \n
} . - qq{} . _html($self->{name}) . qq{
\n} . + qq{
} . + qq{} . _html($self->{name}) . qq{
\n} . qq{ Last update: } . localtime($state->{update}) . - qq{

} . qq{{c_alt} . qq{" } - if $state->{c_alt}; - $res .= qq{title="} . $state->{c_title} . qq{" } - if $state->{c_title}; + if (my $alt = $state->{c_alt}) { + $alt = encode_entities($alt); + $res .= qq{alt="} . $alt . qq{" } + } + if (my $ttl = $state->{c_title}) { + $ttl = encode_entities $ttl); + $res .= qq{title="} . $ttl . qq{" } + } $res .= qq{width="$w" height="$h" } if $w && $h; - $res .= qq{src="$state->{c_img}">
\n}; + $res .= qq{src="$state->{c_img}" />\n \n\n}; return $res; }
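Review bot: The added title branch reads `$ttl = encode_entities $ttl);`, a closing parenthesis with no opening one, so Base.pm will not compile; it should match the alt branch, `$ttl = encode_entities($ttl);`. Separately, `src="$state->{c_img}"` and the `width`/`height` values are still interpolated into the tag unencoded; if `c_img` can ever derive from fetched page content rather than a locally generated file name, encode it too. The two new `$res .= ...` statements inside the `if` blocks have no terminating semicolon, which is legal as the last statement of a block but breaks as soon as a line is added after them. The markup inside the `qq{}` strings is not readable on this page, and `sub html` starts above the hunk.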