From 4429d6269252a329fa579e19ff1a32ce694a5a4d Mon Sep 17 00:00:00 2001
From: Benjamin Kellermann <Benjamin.Kellermann@gmx.de>
Date: Mon, 7 Jan 2019 21:45:08 +0100
Subject: proper output encoding of poll title

---
 dudle.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'dudle.rb')

diff --git a/dudle.rb b/dudle.rb
index 210c367..53edbae 100644
--- a/dudle.rb
+++ b/dudle.rb
@@ -180,7 +180,7 @@ HEAD
 <div id='main'>
 #{tabs_to_html(@tab)}
 <div id='content'>
-	<h1 id='polltitle'>#{@title}</h1>
+	<h1 id='polltitle'>#{CGI.escapeHTML(@title)}</h1>
 HEAD
 
 
-- 
cgit v1.2.3