HTML-escape some fields

2016-02-17 13:56:03 -06:00 · 2016-02-17 13:56:03 -06:00 · d5c005d948
parent 5339bb50d8
commit d5c005d948
1 changed files with 3 additions and 3 deletions
--- a/lib/msf/util/document_generator.rb
+++ b/lib/msf/util/document_generator.rb
@ -38,7 +38,7 @@ module Msf
            ## Module Name
-            #{items[:mod_fullname]}
+            #{Rex::Text.html_encode(items[:mod_fullname])}
            ## Authors
@ -107,9 +107,9 @@ module Msf
        def normalize_authors(authors)
          if authors.kind_of?(Array)
-            authors.collect { |a| "* #{a}" } * "\n"
+            authors.collect { |a| "* #{Rex::Text.html_encode(a)}" } * "\n"
          else
-            authors
+            Rex::Text.html_encode(authors)
          end
        end