Add missing sanitization for HTML exporting of bookmarks.

author: wolfbeast <mcwerewolf@gmail.com> 2017-11-23 09:02:55 +0100
committer: wolfbeast <mcwerewolf@gmail.com> 2018-02-08 21:14:22 +0100
commit: 9cd7b5a4a6f5d52326ba7bfbf9467853a1e73842 (patch)
tree: 6036a763e3b865255ee788cbc0d777a023dff512 /toolkit
parent: a2e0f637b2f614440219993dd425cead09945b9b (diff)
download: UXP-9cd7b5a4a6f5d52326ba7bfbf9467853a1e73842.tar
UXP-9cd7b5a4a6f5d52326ba7bfbf9467853a1e73842.tar.gz
UXP-9cd7b5a4a6f5d52326ba7bfbf9467853a1e73842.tar.lz
UXP-9cd7b5a4a6f5d52326ba7bfbf9467853a1e73842.tar.xz
UXP-9cd7b5a4a6f5d52326ba7bfbf9467853a1e73842.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/toolkit/components/places/BookmarkHTMLUtils.jsm b/toolkit/components/places/BookmarkHTMLUtils.jsm
index a009a5e7c..2285aae6e 100644
--- a/toolkit/components/places/BookmarkHTMLUtils.jsm
+++ b/toolkit/components/places/BookmarkHTMLUtils.jsm
@@ -1145,7 +1145,7 @@ BookmarkExporter.prototype = {
     if (aItem.charset)
       this._writeAttribute("LAST_CHARSET", escapeHtmlEntities(aItem.charset));
     if (aItem.tags)
-      this._writeAttribute("TAGS", aItem.tags);
+      this._writeAttribute("TAGS", escapeHtmlEntities(aItem.tags));
     this._writeLine(">" + escapeHtmlEntities(aItem.title) + "</A>");
     this._writeDescription(aItem, aIndent);
   },
author	wolfbeast <mcwerewolf@gmail.com>	2017-11-23 09:02:55 +0100
committer	wolfbeast <mcwerewolf@gmail.com>	2018-02-08 21:14:22 +0100
commit	9cd7b5a4a6f5d52326ba7bfbf9467853a1e73842 (patch)
tree	6036a763e3b865255ee788cbc0d777a023dff512 /toolkit
parent	a2e0f637b2f614440219993dd425cead09945b9b (diff)
download	UXP-9cd7b5a4a6f5d52326ba7bfbf9467853a1e73842.tar UXP-9cd7b5a4a6f5d52326ba7bfbf9467853a1e73842.tar.gz UXP-9cd7b5a4a6f5d52326ba7bfbf9467853a1e73842.tar.lz UXP-9cd7b5a4a6f5d52326ba7bfbf9467853a1e73842.tar.xz UXP-9cd7b5a4a6f5d52326ba7bfbf9467853a1e73842.zip