fix entity escape for xml data

For title and other xml data replace &, <, >, ', and " with
corresponding escape entities. Also use http_baseurl so
complete urls will be generated.
Roan Horning 2025-01-27 22:26:32 -05:00
parent 54ed57fd1a
commit 28af8900a3


@ -3,9 +3,10 @@
<!--% PROCESS 'shared-utils.tpl.html' %-->
<!--% PROCESS 'shared-episode-summary.tpl.html' %-->
<!--% USE date %-->
<!--% USE HTML.Strip emit_spaces = 0 %-->
<channel>
<title>Hacker Public Radio ~ Comment Feed</title>
<link><!--% baseurl %-->about.html</link>
<link><!--% absolute_url(http_baseurl) %-->about.html</link>
<description>Comments Feed: Hacker Public Radio is a podcast that releases shows every weekday Monday through Friday. Our shows are produced by the community (you) and can be on any topic that is of interest to hackers and hobbyists.</description>
<language>en-us</language>
<copyright>Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) License</copyright>
@ -15,14 +16,14 @@
<docs>https://www.rssboard.org/rss-specification</docs>
<ttl>600</ttl>
<image>
<url><!--% baseurl %-->images/hpr_feed_small.png</url>
<url><!--% absolute_url(http_baseurl) %-->images/hpr_feed_small.png</url>
<title>Hacker Public Radio ~ Comment Feed</title>
<link><!--% baseurl %-->about.html</link>
<link><!--% absolute_url(http_baseurl) %-->about.html</link>
<description>The Hacker Public Radio Old Microphone Logo</description>
<height>164</height>
<width>144</width>
</image>
<atom:link href="<!--% baseurl %-->comments.rss" rel="self" type="application/rss+xml" />
<atom:link href="<!--% absolute_url(http_baseurl) %-->comments.rss" rel="self" type="application/rss+xml" />
<!--% USE DBI(constants.driver, constants.user, constants.password) %-->
<!--% FOREACH response IN DBI.query('SELECT max( comment_timestamp) AS latest_update FROM comments') %-->
@ -49,15 +50,15 @@
%-->
<item>
<title><!--% item.comment_author_name %--> says: <!--% item.comment_title %--></title>
<author>feedback.nospam@nospam.hackerpublicradio.org (<!--% item.comment_author_name %-->)</author>
<link><!--% baseurl %-->eps/hpr<!--% zero_pad_left(item.eps_id) %-->/index.html#comments</link>
<title><!--% item.comment_author_name | html_strip | xml_entity %--> says: <!--% item.comment_title | html_strip | xml_entity %--></title>
<author>feedback.nospam@nospam.hackerpublicradio.org (<!--% item.comment_author_name | html_strip | xml_entity %-->)</author>
<link><!--% absolute_url(http_baseurl) %-->eps/hpr<!--% zero_pad_left(item.eps_id) %-->/index.html#comments</link>
<description><![CDATA[<strong>
RE: hpr<!--% zero_pad_left(item.eps_id) %-->::<!--% item.episode_date %--> <em><!--% item.episode_title %--></em> by <a href="<!--% baseurl %-->correspondents/<!--% zero_pad_left(item.host_id) %-->.html"><!--% item.host %--></a></strong><!--% rss_show_series(item.series_name, item.series_id) %--><br />
RE: hpr<!--% zero_pad_left(item.eps_id) %-->::<!--% item.episode_date %--> <em><!--% item.episode_title | html_strip | xml_entity %--></em> by <a href="<!--% absolute_url(http_baseurl) %-->correspondents/<!--% zero_pad_left(item.host_id) %-->.html"><!--% item.host %--></a></strong><!--% rss_show_series(item.series_name, item.series_id) | html_strip | xml_entity %--><br />
<!--% display_episode_duration(item.episode_duration) %--><!--% display_listen_in(item.eps_id) %--><br /><!--% item.comment_text FILTER html_line_break %-->
]]></description>
<pubDate><!--% format_feed_date(item.comment_timestamp) %--></pubDate>
<guid isPermaLink="false"><!--% baseurl %-->eps/hpr<!--% zero_pad_left(item.eps_id) %-->/index.html#comment_<!--% item.id %--></guid>
<guid isPermaLink="false"><!--% absolute_url(http_baseurl) %-->eps/hpr<!--% zero_pad_left(item.eps_id) %-->/index.html#comment_<!--% item.id %--></guid>
</item>
<!--% END %-->
</channel>
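Review bot: Inside the item `<description>` CDATA block, two database values are still emitted without the new filters: `item.host` in the correspondent link and `item.comment_text FILTER html_line_break`. Everything else user-facing in the item now goes through `html_strip | xml_entity`, so these two are the remaining places where stored markup can reach feed readers as HTML. A literal `]]>` in either value would also close the CDATA section early and leave the feed malformed. For the host name the same treatment applies, `<!--% item.host | html_strip | xml_entity %-->`. The definition of `html_line_break` is not visible here, so it is worth confirming that it entity-escapes the comment text before inserting `<br />`; if it does not, escape the text first and apply the line-break filter afterwards.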