From 14f111c2e3f20f563dfbe17181f77bfaa9cd57ef Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Sun, 28 Aug 2016 18:38:15 +0300
Subject: Tags: should be escaped in db and unescaped in templates

---
 juick-www/src/main/java/com/juick/www/Discover.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'juick-www/src/main/java/com/juick/www/Discover.java')

diff --git a/juick-www/src/main/java/com/juick/www/Discover.java b/juick-www/src/main/java/com/juick/www/Discover.java
index 1954aac9..4fd8c3b6 100644
--- a/juick-www/src/main/java/com/juick/www/Discover.java
+++ b/juick-www/src/main/java/com/juick/www/Discover.java
@@ -20,6 +20,7 @@ package com.juick.www;
 import com.juick.server.AdsQueries;
 import com.juick.server.MessagesQueries;
 import com.juick.server.TagQueries;
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.springframework.jdbc.core.JdbcTemplate;
 
 import javax.servlet.ServletException;
@@ -73,7 +74,7 @@ public class Discover {
 
         int visitor_uid = visitor.getUID();
 
-        String title = "*" + Utils.encodeHTML(paramTag.getName());
+        String title = "*" + StringEscapeUtils.escapeHtml4(paramTag.getName());
         List mids = MessagesQueries.getTag(sql, paramTag.TID, visitor_uid, paramBefore, (visitor_uid == 0) ? 40 : 20);
 
         response.setContentType("text/html; charset=UTF-8");
-- 
cgit v1.2.3
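Review bot: `StringEscapeUtils.escapeHtml4` on the new `title` line escapes `&`, `<`, `>` and `"` but leaves the apostrophe untouched, so the value is only safe as element text or inside a double-quoted attribute; wherever `title` is later written into the page (outside this hunk), it must not land in a single-quoted attribute or a script context without context-specific escaping. The subject line also states that tag names are now stored escaped in the database and unescaped in templates, which — if `paramTag.getName()` already returns the escaped form — would make this second escaping double-encode a name containing `&` into `&amp;amp;`; it is worth confirming which layer owns the escaping and recording it next to the line, e.g. `// tag name is HTML-escaped here for the <title>; escapeHtml4 does not escape '`. The enclosing method starts and ends outside the hunk, so the eventual use of `title` is not visible here.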