ui-repolist: HTML-escape cgit_rooturl() response

This is for consistency with other callers.  The value returned from
cgit_rooturl is not guaranteed to be HTML-safe.

Signed-off-by: John Keeping <john@keeping.me.uk>

diff --git a/ui-repolist.c b/ui-repolist.c
index f622a0130184843206932969a84d5587352c8f4a..7b1fec307f2f0927034d9b8299d2bd9a379730cb 100644 (file)
--- a/ui-repolist.c
+++ b/ui-repolist.c
@@ -106,7 +106,9 @@ static int is_in_url(struct cgit_repo *repo)
 
 static void print_sort_header(const char *title, const char *sort)
 {
-       htmlf("<th class='left'><a href='%s?s=%s", cgit_rooturl(), sort);
+       html("<th class='left'><a href='");
+       html_attr(cgit_rooturl());
+       htmlf("?s=%s", sort);
        if (ctx.qry.search) {
                html("&amp;q=");
                html_url_arg(ctx.qry.search);