Merge branch 'master' of git.sv.gnu.org:/srv/git/oddmuse

t/xss.t

@@ -14,9 +14,11 @@
 
 require 't/test.pl';
 package OddMuse;
-use Test::More tests => 2;
+use Test::More tests => 3;
 
 test_page(update_page('Test', 'Content is saved', '<xss>'),
           'Content is saved');
 test_page(get_page('action=browse id=Test diff=1'),
           '&lt;xss&gt;');
+test_page(get_page('action=rss'),
+          '&amp;lt;xss&amp;gt;');

wiki.pl

@@ -1909,6 +1909,8 @@ sub RssItem {
   my $name = ItemName($id);
   if (GetParam('full', 0)) { # full page means summary is not shown
     $summary = PageHtml($id, 50 * 1024, T('This page is too big to send over RSS.'));
+  } else {
+    $summary = QuoteHtml($summary); # page summary must be quoted
   }
   my $date = TimeToRFC822($ts);
   $username = QuoteHtml($username);