From ff96ef22c34b6fa5e081141d9c0bba2dcb918e06 Mon Sep 17 00:00:00 2001
From: Steve Purcell <steve@sanityinc.com>
Date: Wed, 16 Jan 2013 19:36:02 +0000
Subject: [PATCH] Escape < and > in updates.rss item titles

---
 html/updates.rss.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/updates.rss.erb b/html/updates.rss.erb
index 4d6c0057..e4a4ec70 100644
--- a/html/updates.rss.erb
+++ b/html/updates.rss.erb
@@ -28,7 +28,7 @@
         package.info_url = "#{base_url}##{pkgname}"
     %>
       <item>
-        <title><%= package.name %> (<%= package.version %>) --- <%= package.description %></title>
+        <title><%= package.name %> (<%= package.version %>) --- <%= ERB::Util.html_escape package.description %></title>
         <description>The <%= package.name %> package in MELPA has been updated to version <%= package.version %>.</description>
         <pubDate><%= package.build_time.rfc822 %></pubDate>
         <guid isPermaLink="true"><%= package.url %></guid>