From 85bdae6591303d82d3715ba2838a12846384c623 Mon Sep 17 00:00:00 2001
From: Dani
Date: Fri, 15 Aug 2014 00:36:11 +0200
Subject: [PATCH 1/2] Anagram: Fix XSS
Sorry... I messed up this one too. Please, test it before merging -- I'm in the US (wooo!) and I have a very crappy laptop.
---
 lib/DDG/Goodie/Anagram.pm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/DDG/Goodie/Anagram.pm b/lib/DDG/Goodie/Anagram.pm
index a6f78cf68..0691c7977 100644
--- a/lib/DDG/Goodie/Anagram.pm
+++ b/lib/DDG/Goodie/Anagram.pm
@@ -3,6 +3,7 @@ package DDG::Goodie::Anagram;
 use DDG::Goodie;
 use List::Util 'shuffle';
+use HTML::Entities qw(encode_entities);
 triggers start => "anagram", "anagrams";
@@ -121,11 +122,11 @@ handle remainder => sub {
 my @chars = shuffle split (//, $word);
 $w = join '', @chars;
 } while ($w eq $word);
- return $word, html => html_output ("Sorry, we found no anagrams for \"$word\". We scrambled it for you:", $w);
+ return $word, html => html_output ('Sorry, we found no anagrams for "'.encode_entities $word.'". We scrambled it for you:', $w);
 }
 my $response = join ', ', @output;
- my $output_str = "Anagrams of \"$word\"";
+ my $output_str = 'Anagrams of '.encode_entities $word.'"';
 unless ($full_word) {
 $output_str .= " of length $len";
 }
From 1c5250473426089a20c23fddcb447154a90bf7b2 Mon Sep 17 00:00:00 2001
From: Dani
Date: Fri, 15 Aug 2014 01:59:44 +0200
Subject: [PATCH 2/2] Update Anagram.pm
---
 lib/DDG/Goodie/Anagram.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/DDG/Goodie/Anagram.pm b/lib/DDG/Goodie/Anagram.pm
index 0691c7977..f856abd38 100644
--- a/lib/DDG/Goodie/Anagram.pm
+++ b/lib/DDG/Goodie/Anagram.pm
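Review bot: The new `$output_str` line drops the opening quote that the removed line had: `'Anagrams of '.encode_entities $word.'"'` produces `Anagrams of word"` instead of `Anagrams of "word"`, and the follow-up commit (PATCH 2/2) keeps that same string. It should read `my $output_str = 'Anagrams of "'.encode_entities($word).'"';`. The parentheses matter here and on the `Sorry, we found no anagrams` line above it as well: `encode_entities` is imported as a plain list operator, so without them the trailing `.'"...'` literal is concatenated into its argument and the closing quote comes out as `&quot;`; the second commit adds the parentheses, so only the missing opening quote remains. The enclosing `handle remainder => sub` block starts and ends outside the hunk.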
@@ -122,11 +122,11 @@ handle remainder => sub {
 my @chars = shuffle split (//, $word);
 $w = join '', @chars;
 } while ($w eq $word);
- return $word, html => html_output ('Sorry, we found no anagrams for "'.encode_entities $word.'". We scrambled it for you:', $w);
+ return $word, html => html_output ('Sorry, we found no anagrams for "'.encode_entities ($word).'". We scrambled it for you:', $w);
 }
 my $response = join ', ', @output;
- my $output_str = 'Anagrams of '.encode_entities $word.'"';
+ my $output_str = 'Anagrams of '.encode_entities ($word).'"';
 unless ($full_word) {
 $output_str .= " of length $len";
 }
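Review bot: `$w` on the `return $word, html => html_output (...)` line is still handed to `html_output` unencoded, even though it is a character permutation of the same user-supplied `$word` that the message text now escapes; if `html_output` (defined outside this hunk) interpolates its second argument into markup without escaping, the no-anagram path still reflects raw query characters. Passing `encode_entities ($w)` as the second argument, or escaping inside `html_output` itself, would close that gap; a short comment on the line, `# $w is shuffled user input, escape it too`, would keep the next editor from dropping it. `$len` on the ` of length $len` line is interpolated raw as well; if it is parsed from the query rather than computed, it should be validated as an integer before use. The enclosing `handle remainder => sub` block starts and ends outside the hunk.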