From 747d8d834d5f37e455fc3ef9ebcea8731ccca803 Mon Sep 17 00:00:00 2001
From: Dan Dennedy <dan@dennedy.org>
Date: Tue, 6 Aug 2013 21:27:54 -0700
Subject: [PATCH] Add HTML escaping to metadata publishing script.

---
 src/swig/ruby/metadata.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/swig/ruby/metadata.rb b/src/swig/ruby/metadata.rb
index 596bcce6..87b4d8fa 100755
--- a/src/swig/ruby/metadata.rb
+++ b/src/swig/ruby/metadata.rb
@@ -27,7 +27,7 @@ media types:
 %   end
 %%BR%
 % end
-description: <%= yml['description'] %> %BR%
+description: <%= ERB::Util.h(yml['description']) %> %BR%
 version: <%= yml['version'] %> %BR%
 creator: <%= yml['creator'] %> %BR%
 % yml['contributor'] and yml['contributor'].each do |x|
@@ -39,7 +39,7 @@ contributor: <%= x %> %BR%
 % if yml['notes']
 ---++ Notes
 %   yml['notes'].each do |x|
-<%= x %>
+<%= ERB::Util.h(x) %>
 %   end
 % end
 
@@ -55,7 +55,7 @@ contributor: <%= x %> %BR%
 %   yml['parameters'].each do |param|
 ---+++ <%= param['identifier'] %>
 <%= "title: #{param['title']} %BR%\n" if param['title'] %>
-<%= "description: #{param['description']} %BR%\n" if param['description'] %>
+<%= "description: #{ERB::Util.h(param['description'])} %BR%\n" if param['description'] %>
 type: <%= param['type'] %> %BR%
 readonly: <%= param['readonly'] or 'no' %> %BR%
 required: <%= param['required'] or 'no' %> %BR%
-- 
2.39.2