HTML-escape error messages (CVE-2016-4561)
index 7eeede6038b64c16520dcc506c3198ffe42ecd85..9e49c474afc4070da5bfafab16ea7a29de133670 100644 (file)
@@ -1,10 +1,10 @@
-<form action="<TMPL_VAR CGIURL>" method="get">
-<div id="blogform">
-<TMPL_IF NAME="RSSURL">
-<a class="feedbutton" type="application/rss+xml" href="<TMPL_VAR NAME=RSSURL>">RSS</a>
+<form <TMPL_IF POSTFORMID>id="<TMPL_VAR POSTFORMID ESCAPE=HTML>"</TMPL_IF> action="<TMPL_VAR CGIURL>" method="get">
+<div class="blogform">
+<TMPL_IF RSSURL>
+<a class="feedbutton" type="application/rss+xml" rel="alternate" title="<TMPL_VAR RSSDESC>" href="<TMPL_VAR RSSURL>">RSS</a>
 </TMPL_IF>
-<TMPL_IF NAME="ATOMURL">
-<a class="feedbutton" type="application/atom+xml" href="<TMPL_VAR NAME=ATOMURL>">Atom</a>
+<TMPL_IF ATOMURL>
+<a class="feedbutton" type="application/atom+xml" rel="alternate" title="<TMPL_VAR ATOMDESC>" href="<TMPL_VAR ATOMURL>">Atom</a>
 </TMPL_IF>
 <input type="hidden" name="do" value="blog" />
 <input type="hidden" name="from" value="<TMPL_VAR ROOTPAGE>" />
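Review bot: The new `title` attributes on the two feed links interpolate `<TMPL_VAR RSSDESC>` and `<TMPL_VAR ATOMDESC>` with no escape, while the `id` added on the `<form>` line of the same hunk uses `ESCAPE=HTML`. Where these descriptions come from is not visible here; if they are built from page titles or other wiki-editable text, a double quote in the value would close the attribute early and let markup through. Unless the caller already HTML-encodes them or the template is loaded with `default_escape` (in which case adding an escape here would double-encode), use `title="<TMPL_VAR RSSDESC ESCAPE=HTML>"` and `title="<TMPL_VAR ATOMDESC ESCAPE=HTML>"`. The same check is worth making for `value="<TMPL_VAR ROOTPAGE>"` on the unchanged last line.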