Merge pull request #588 from gdrooid/patch-1

Anagram: Fix XSS
master
Rob Emery 2014-08-15 12:54:05 +01:00
commit 16fde70158
1 changed files with 3 additions and 2 deletions


@ -3,6 +3,7 @@ package DDG::Goodie::Anagram;
use DDG::Goodie;
use List::Util 'shuffle';
use HTML::Entities qw(encode_entities);
triggers start => "anagram", "anagrams";
@ -121,11 +122,11 @@ handle remainder => sub {
my @chars = shuffle split (//, $word);
$w = join '', @chars;
} while ($w eq $word);
return $word, html => html_output ("Sorry, we found no anagrams for \"$word\". We scrambled it for you:", $w);
return $word, html => html_output ('Sorry, we found no anagrams for "'.encode_entities ($word).'". We scrambled it for you:', $w);
}
my $response = join ', ', @output;
my $output_str = "Anagrams of \"$word\"";
my $output_str = 'Anagrams of '.encode_entities ($word).'"';
unless ($full_word) {
$output_str .= " of length $len";
}
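Review bot: The new `$output_str` line drops the opening double quote that the old line had, so the heading ends up with an unbalanced trailing `"`; it should read `my $output_str = 'Anagrams of "'.encode_entities($word).'"';`. In the no-anagram branch only `$word` is entity-encoded, while the scrambled `$w` is built from the same user-supplied characters and is still handed to `html_output` as-is. Whether `html_output` escapes its second argument is not visible here, so either confirm that or pass `encode_entities($w)` as well. The `handle remainder` sub begins and ends outside the lines shown, so how `$output_str` and `$response` are finally emitted (HTML only, or also the plain-text answer) should be checked against the full file.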