From a7ca52dee05819be269b95556da01f965d107a50 Mon Sep 17 00:00:00 2001
From: Mario Lang
Date: Tue, 18 Feb 2014 15:01:31 +0100
Subject: [PATCH] Run tag name through escape filter to avoid invalid HTML If a tag contains characters like <> or &, we currently generate invalid HTML. This is easily fixed by sending the tag through the jinja escape filter. (This bug is not theoretical, I hit it when using C++ template names for tags, like "boost::variant<>".)
---
 pelican/themes/notmyidea/templates/taglist.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pelican/themes/notmyidea/templates/taglist.html b/pelican/themes/notmyidea/templates/taglist.html
index b8f4ba95..1e0b95a7 100644
--- a/pelican/themes/notmyidea/templates/taglist.html
+++ b/pelican/themes/notmyidea/templates/taglist.html
@@ -1,2 +1,2 @@
-{% if article.tags %}

tags: {% for tag in article.tags %}{{ tag }} {% endfor %}

{% endif %}
+{% if article.tags %}

tags: {% for tag in article.tags %}{{ tag | escape }} {% endfor %}

{% endif %}
 {% if PDF_PROCESSOR %}

get the pdf

{% endif %}
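Review bot: The escape is applied to this one `{{ tag }}` expression only, so any other template in the theme that prints a tag name without a filter would still emit raw `<`, `>` and `&`. Tag names come from article metadata, so this is an HTML-injection concern for sites that build content they did not write themselves, not only a validity problem. A follow-up should apply `| escape` to the remaining tag outputs, or enable autoescaping in the Jinja environment if the project allows it, so new templates are safe by default. This page's rendering of the hunk has lost the surrounding markup, so it cannot be checked here whether the tag value placed in the link's `href` attribute is escaped as well; that should be confirmed against the real file.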