From 2dafe0c1880b922d75a288f371fa976066589fd7 Mon Sep 17 00:00:00 2001
From: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Tue, 10 Feb 2009 18:36:31 +0000
Subject: Closes #756: htmlentities on all output forms

git-svn-id: https://code.elgg.org/elgg/trunk@2711 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 views/default/output/url.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'views/default/output/url.php')

diff --git a/views/default/output/url.php b/views/default/output/url.php
index d4c6ce9fa..af4582fba 100644
--- a/views/default/output/url.php
+++ b/views/default/output/url.php
@@ -20,7 +20,7 @@
 	    if ((substr_count($val, "http://") == 0) && (substr_count($val, "https://") == 0)) {
 	        $val = "http://" . $val;
 	    }
-	    echo "<a href=\"{$val}\" target=\"_blank\">{$val}</a>";
+	    echo "<a href=\"{$val}\" target=\"_blank\">". htmlentities($val, null, 'UTF-8'). "</a>";
     }
 
 ?>
\ No newline at end of file
-- 
cgit v1.2.3