From 9c8e68f8923194d5cb2d0337227deacdf9f867bf Mon Sep 17 00:00:00 2001
From: Ben Longbons <b.r.longbons@gmail.com>
Date: Fri, 14 Jun 2013 10:52:20 -0700
Subject: Escape URL strings in news.html

---
 _news_colors.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/_news_colors.py b/_news_colors.py
index 8b0c00b..e98f73b 100644
--- a/_news_colors.py
+++ b/_news_colors.py
@@ -20,6 +20,8 @@
 ##    You should have received a copy of the GNU General Public License
 ##    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import cgi
+
 __all__ = ['make_html_colors_dict', 'make_txt_colors_dict']
 
 class Color(object):
@@ -49,6 +51,7 @@ class HtmlDate(object):
 class HtmlLink(object):
     __slots__ = ()
     def __format__(self, target):
+        target = cgi.escape(target, True)
         return '<a href="%s">%s</a>' % (target, target)
 
 class HtmlSignature(object):
-- 
cgit v1.2.3-60-g2f50