Debian Patches
Status for libtemplate-perl/3.102-3
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-fix-escape-single-quotes-in-html_filter-and-HTML.esc.patch | fix: escape single quotes in html_filter and HTML.escape Single quotes were not escaped by the HTML filter or HTML plugin's escape method, creating XSS risk in single-quoted HTML attributes. Uses `&#39;` (numeric entity) which is valid across all HTML versions, unlike `&apos;` which is only defined in XML. The xml_filter already handled single quotes via `&apos;` — its comment is updated to clarify the distinction. Test coverage added for both filter.t, html.t and vmethods/text.t. | Kōan <koan.bot@atoomic.org> | yes | debian upstream | https://github.com/cpan-authors/Template2/commit/11c78a7a771d4af505efeb754a0b8775689c2eae | 2026-02-20 |
