From 25a6a7b5ab714a76fda51e5e5b59ed20883aa2d4 Mon Sep 17 00:00:00 2001
From: Nishi <nishi@nishi.boats>
Date: Fri, 30 Aug 2024 05:19:25 +0000
Subject: [PATCH] fix xss

git-svn-id: file:///raid/svn-personal/repoview/trunk@75 7e8b2a19-8934-dd40-8cb3-db22cdd5a80f
---
 CGI/theme/modern.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CGI/theme/modern.c b/CGI/theme/modern.c
index c6e10bc..16675d2 100644
--- a/CGI/theme/modern.c
+++ b/CGI/theme/modern.c
@@ -83,6 +83,8 @@ char* html_escape(const char* input) {
 			add_data(&r, "&lt;");
 		} else if(input[i] == '>') {
 			add_data(&r, "&gt;");
+		} else if(input[i] == '&') {
+			add_data(&r, "&amp;");
 		} else {
 			cbuf[0] = input[i];
 			add_data(&r, cbuf);
-- 
2.45.2