ui-repolist: HTML-escape cgit_rooturl() response

This is for consistency with other callers. The value returned from cgit_rooturl is not guaranteed to be HTML-safe. Signed-off-by: John Keeping <john@keeping.me.uk>
author: John Keeping <john@keeping.me.uk> 2014-01-12 19:45:17 +0000
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-12 23:02:41 +0100
commit: 1de6591159cfe2e0cb442d781c0a360e4928ccca (patch)
tree: f7679cd58126d3e41fc2a6e70cd49a47d3fb7f88
parent: ui-shared: URL-escape script_name (diff)
download: cgit-pink-1de6591159cfe2e0cb442d781c0a360e4928ccca.tar.gz
cgit-pink-1de6591159cfe2e0cb442d781c0a360e4928ccca.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/ui-repolist.c b/ui-repolist.c
index f622a01..7b1fec3 100644
--- a/ui-repolist.c
+++ b/ui-repolist.c
@@ -106,7 +106,9 @@ static int is_in_url(struct cgit_repo *repo)
 
 static void print_sort_header(const char *title, const char *sort)
 {
-	htmlf("<th class='left'><a href='%s?s=%s", cgit_rooturl(), sort);
+	html("<th class='left'><a href='");
+	html_attr(cgit_rooturl());
+	htmlf("?s=%s", sort);
 	if (ctx.qry.search) {
 		html("&amp;q=");
 		html_url_arg(ctx.qry.search);
author	John Keeping <john@keeping.me.uk>	2014-01-12 19:45:17 +0000
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2014-01-12 23:02:41 +0100
commit	1de6591159cfe2e0cb442d781c0a360e4928ccca (patch)
tree	f7679cd58126d3e41fc2a6e70cd49a47d3fb7f88
parent	ui-shared: URL-escape script_name (diff)
download	cgit-pink-1de6591159cfe2e0cb442d781c0a360e4928ccca.tar.gz cgit-pink-1de6591159cfe2e0cb442d781c0a360e4928ccca.zip