From d5edc9b47748b5dfc4097b6023e0b26d6491236d Mon Sep 17 00:00:00 2001
From: maxwell <maxwell@joindiaspora.com>
Date: Wed, 15 Dec 2010 12:27:52 -0800
Subject: [PATCH] CGI::escaping for proper, good juju activity streams

---
 .gitignore                      |   1 +
 app/models/status_message.rb    |   2 +-
 dump.rdb                        | Bin 66 -> 0 bytes
 lib/diaspora/ostatus_builder.rb |   2 +-
 4 files changed, 3 insertions(+), 2 deletions(-)
 delete mode 100644 dump.rdb

diff --git a/.gitignore b/.gitignore
index c6384487a..5e28dee54 100644
--- a/.gitignore
+++ b/.gitignore
@@ -42,3 +42,4 @@ bin/*
 nbproject
 patches-*
 capybara-*.html
+dump.rdb
diff --git a/app/models/status_message.rb b/app/models/status_message.rb
index 33b7d4c8c..2c36387df 100644
--- a/app/models/status_message.rb
+++ b/app/models/status_message.rb
@@ -24,7 +24,7 @@ class StatusMessage < Post
   def to_activity
     <<-XML
   <entry>
-    <title>#{self.message}</title>
+    <title>#{CGI::escape(self.message)}</title>
     <link rel="alternate" type="text/html" href="#{person.url}status_messages/#{self.id}"/>
     <id>#{person.url}status_messages/#{self.id}</id>
     <published>#{self.created_at.xmlschema}</published>
diff --git a/dump.rdb b/dump.rdb
deleted file mode 100644
index 04bb32a05ad042c1f519b5c6eb609097e1f696dd..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 66
zcmWG?b@2=~FfcIu$G{+3lv-R^nrc;Cl2~F@P?VpXT3no(a)6167b*diEKMzDV#!U+
P%waD|O-{`$OZ^W3>y8(r

diff --git a/lib/diaspora/ostatus_builder.rb b/lib/diaspora/ostatus_builder.rb
index 6ea1ede89..21b568cf1 100644
--- a/lib/diaspora/ostatus_builder.rb
+++ b/lib/diaspora/ostatus_builder.rb
@@ -33,7 +33,7 @@ module Diaspora
 <subtitle>Posts from Diaspora</subtitle>
 <updated>#{Time.now.xmlschema}</updated>
 <author>
-  <name>#{@user.name}</name>
+  <name>#{CGI::escape(@user.name)}</name>
   <uri>#{@user.public_url}</uri>
 </author>
       XML