From 335a77635160fea358a27ae6c7fb6fe79a352ae8 Mon Sep 17 00:00:00 2001
From: Lotus <lotus@localhost>
Date: Sat, 28 Jan 2012 13:25:12 +0100
Subject: [PATCH] xss hardening on Status.html

---
 htroot/Status.java   | 2 +-
 htroot/api/feed.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/htroot/Status.java b/htroot/Status.java
index ab9243c60..74858e834 100644
--- a/htroot/Status.java
+++ b/htroot/Status.java
@@ -247,7 +247,7 @@ public class Status
         } else if ( Seed.PEERTYPE_PRINCIPAL.equals(peerStatus) ) {
             prop.put(PEERSTATUS, "3");
             prop.put("hintStatusPrincipal", "1");
-            prop.put("hintStatusPrincipal_seedURL", sb.peers.mySeed().get(Seed.SEEDLISTURL, "?"));
+            prop.putHTML("hintStatusPrincipal_seedURL", sb.peers.mySeed().get(Seed.SEEDLISTURL, "?"));
         }
         prop.putHTML("peerName", thisName);
         prop.put("hash", thisHash);
diff --git a/htroot/api/feed.java b/htroot/api/feed.java
index 7b96dc81e..aa24bce52 100644
--- a/htroot/api/feed.java
+++ b/htroot/api/feed.java
@@ -74,7 +74,7 @@ public class feed {
                 prop.putXML("item_" + messageCount + "_description", message.getDescription());
                 prop.putXML("item_" + messageCount + "_link", message.getLink());
                 prop.put("item_" + messageCount + "_pubDate", message.getPubDate());
-                prop.put("item_" + messageCount + "_guid", message.getGuid());
+                prop.putXML("item_" + messageCount + "_guid", message.getGuid());
                 messageCount++;
                 messageMaxCount--;
             }