Conflicts:
debian/changelog
doc/bugs/XSS_Alert...__33____33____33__.html
+ikiwiki (3.20141016.2) UNRELEASED; urgency=high
+
+ [ Joey Hess ]
+ * Fix XSS in openid selector. Thanks, Raghav Bisht.
+
+ -- Simon McVittie <smcv@debian.org> Sun, 29 Mar 2015 22:28:15 +0100
+
ikiwiki (3.20141016.1) unstable; urgency=medium
* Backport selected commits for Debian 8:
ikiwiki (3.20141016.1) unstable; urgency=medium
* Backport selected commits for Debian 8:
</div>
<div id="openid_input_area">
<label for="openid_identifier" class="block">Enter your OpenID:</label>
</div>
<div id="openid_input_area">
<label for="openid_identifier" class="block">Enter your OpenID:</label>
- <input id="openid_identifier" name="openid_identifier" type="text" value="<TMPL_VAR OPENID_URL>"/>
+ <input id="openid_identifier" name="openid_identifier" type="text" value="<TMPL_VAR ESCAPE=HTML OPENID_URL>"/>
<input id="openid_submit" type="submit" value="Login"/>
</div>
<TMPL_IF OPENID_ERROR>
<input id="openid_submit" type="submit" value="Login"/>
</div>
<TMPL_IF OPENID_ERROR>