Anagram: HTML encode scrambles.

Although this isn't _exactly_ a user-supplied string, it is still somewhat under their control. Better safe than sorry. Thanks to @mintsoft for the suggestion.
2014-10-07 20:58:10 +02:00 · 2014-10-07 20:58:10 +02:00 · 0e95d935b4
parent e3bc84c52d
commit 0e95d935b4
1 changed files with 1 additions and 1 deletions
--- a/lib/DDG/Goodie/Anagram.pm
+++ b/lib/DDG/Goodie/Anagram.pm
@ -105,7 +105,7 @@ handle remainder => sub {
        } while ($w eq $match_word);
        # Do not cache the scrambled versions since the shuffle is random.
        return $word,
-          html      => html_output('Sorry, we found no anagrams for "' . html_enc($word) . '". We scrambled it for you:', $w),
+          html      => html_output('Sorry, we found no anagrams for "' . html_enc($word) . '". We scrambled it for you:', html_enc($w)),
          is_cached => 0;
    }