Anagram: Fix XSS

Sorry... I messed up this one too. Please, test it before merging -- I'm in the US (wooo!) and I have a very crappy laptop.
master
Dani 2014-08-15 00:36:11 +02:00
parent 3eb97e456e
commit 85bdae6591
1 changed files with 3 additions and 2 deletions


@ -3,6 +3,7 @@ package DDG::Goodie::Anagram;
use DDG::Goodie;
use List::Util 'shuffle';
use HTML::Entities qw(encode_entities);
triggers start => "anagram", "anagrams";
@ -121,11 +122,11 @@ handle remainder => sub {
my @chars = shuffle split (//, $word);
$w = join '', @chars;
} while ($w eq $word);
return $word, html => html_output ("Sorry, we found no anagrams for \"$word\". We scrambled it for you:", $w);
return $word, html => html_output ('Sorry, we found no anagrams for "'.encode_entities $word.'". We scrambled it for you:', $w);
}
my $response = join ', ', @output;
my $output_str = "Anagrams of \"$word\"";
my $output_str = 'Anagrams of '.encode_entities $word.'"';
unless ($full_word) {
$output_str .= " of length $len";
}
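Review bot: Both new lines in the second hunk call `encode_entities` without parentheses, so its argument is everything to its right rather than `$word` alone: the trailing literal is concatenated before encoding, and in the `return` line the following `, $w` appears to be taken as the function's second (unsafe-characters) argument, leaving `html_output` with a single argument. The new `$output_str` line also drops the opening double quote that the old string had. I would write `return $word, html => html_output('Sorry, we found no anagrams for "' . encode_entities($word) . '". We scrambled it for you:', $w);` and `my $output_str = 'Anagrams of "' . encode_entities($word) . '"';`. The scrambled `$w` is built from the same characters as `$word` and is still passed unencoded; `html_output` is defined outside this hunk, so confirm it escapes that argument, and confirm `$output_str` is only ever emitted as HTML, since a plain-text answer would show the entities literally.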