From: Dan Dennedy <dan@dennedy.org>
Date: Wed, 7 Aug 2013 04:27:54 +0000 (-0700)
Subject: Add HTML escaping to metadata publishing script.
X-Git-Url: https://git.sesse.net/?a=commitdiff_plain;h=747d8d834d5f37e455fc3ef9ebcea8731ccca803;hp=e10eadfb4e0c3362e3c0ed4e89d0f9eee9eb2475;p=mlt

Add HTML escaping to metadata publishing script.
---

diff --git a/src/swig/ruby/metadata.rb b/src/swig/ruby/metadata.rb
index 596bcce6..87b4d8fa 100755
--- a/src/swig/ruby/metadata.rb
+++ b/src/swig/ruby/metadata.rb
@@ -27,7 +27,7 @@ media types:
 %   end
 %%BR%
 % end
-description: <%= yml['description'] %> %BR%
+description: <%= ERB::Util.h(yml['description']) %> %BR%
 version: <%= yml['version'] %> %BR%
 creator: <%= yml['creator'] %> %BR%
 % yml['contributor'] and yml['contributor'].each do |x|
@@ -39,7 +39,7 @@ contributor: <%= x %> %BR%
 % if yml['notes']
 ---++ Notes
 %   yml['notes'].each do |x|
-<%= x %>
+<%= ERB::Util.h(x) %>
 %   end
 % end
 
@@ -55,7 +55,7 @@ contributor: <%= x %> %BR%
 %   yml['parameters'].each do |param|
 ---+++ <%= param['identifier'] %>
 <%= "title: #{param['title']} %BR%\n" if param['title'] %>
-<%= "description: #{param['description']} %BR%\n" if param['description'] %>
+<%= "description: #{ERB::Util.h(param['description'])} %BR%\n" if param['description'] %>
 type: <%= param['type'] %> %BR%
 readonly: <%= param['readonly'] or 'no' %> %BR%
 required: <%= param['required'] or 'no' %> %BR%