From 618a6561cd09f489e30ab652da1649a0d1fec1d5 Mon Sep 17 00:00:00 2001
From: Hiltjo Posthuma <hiltjo@codemadness.org>
Date: Wed, 24 Nov 2021 21:52:47 +0100
Subject: sfeed_mbox: escape the link and enclosure text when using HTML
 content

commit ed8079dc3e8ce513c788a5ab11444aac221cbc5b added an option
$SFEED_MBOX_CONTENT with a content-type text/html to include the content.
However in this context the link and enclosure were not fully escaped.
---
 sfeed_mbox.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sfeed_mbox.c b/sfeed_mbox.c
index 34b9b4a..cd6e65d 100644
--- a/sfeed_mbox.c
+++ b/sfeed_mbox.c
@@ -104,14 +104,14 @@ printfeed(FILE *fp, const char *feedname)
 				fputs("Link: <a href=\"", stdout);
 				xmlencode(fields[FieldLink], stdout);
 				fputs("\">", stdout);
-				fputs(fields[FieldLink], stdout);
+				xmlencode(fields[FieldLink], stdout);
 				fputs("</a><br/>\n", stdout);
 			}
 			if (fields[FieldEnclosure][0]) {
 				fputs("Enclosure: <a href=\"", stdout);
 				xmlencode(fields[FieldEnclosure], stdout);
 				fputs("\">", stdout);
-				fputs(fields[FieldEnclosure], stdout);
+				xmlencode(fields[FieldEnclosure], stdout);
 				fputs("</a><br/>\n", stdout);
 			}
 			fputs("</p>\n", stdout);
-- 
cgit v1.2.3