From 55c0e557d9904721fb35479e139a853f90fe39b4 Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Fri, 27 Mar 2015 12:17:39 -0400
Subject: [PATCH] Fix XSS in openid selector. Thanks, Raghav Bisht.

Conflicts:
	debian/changelog
	doc/bugs/XSS_Alert...__33____33____33__.html
---
 debian/changelog               | 7 +++++++
 templates/openid-selector.tmpl | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 720ddb1e0..1897414c4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ikiwiki (3.20141016.2) UNRELEASED; urgency=high
+
+  [ Joey Hess ]
+  * Fix XSS in openid selector. Thanks, Raghav Bisht.
+
+ -- Simon McVittie <smcv@debian.org>  Sun, 29 Mar 2015 22:28:15 +0100
+
 ikiwiki (3.20120629.1) wheezy; urgency=medium
 
   Backport blogspam plugin from experimental, because the version in
diff --git a/templates/openid-selector.tmpl b/templates/openid-selector.tmpl
index b6be2720c..0fd833042 100644
--- a/templates/openid-selector.tmpl
+++ b/templates/openid-selector.tmpl
@@ -23,7 +23,7 @@ $(document).ready(function() {
 		</div>
 		<div id="openid_input_area">
 			<label for="openid_identifier" class="block">Enter your OpenID:</label>
-			<input id="openid_identifier" name="openid_identifier" type="text" value="<TMPL_VAR OPENID_URL>"/>
+			<input id="openid_identifier" name="openid_identifier" type="text" value="<TMPL_VAR ESCAPE=HTML OPENID_URL>"/>
 			<input id="openid_submit" type="submit" value="Login"/>
 		</div>
 		<TMPL_IF OPENID_ERROR>
-- 
2.39.2