browser: escape titles in resource links

Recent data includes at least "<textarea>" in #readonly-attr,
breaking further HTML if left unescaped.

diff --git a/browser.plp b/browser.plp
index f8b20a9eeab7726a483fc05444300038dbd48b8e..4a964fd6bc89a66642fc405e6fc3e358a1baddbc 100644 (file)
--- a/browser.plp
+++ b/browser.plp
@@ -339,7 +339,7 @@ sub saytitlecol {
                say '</p>';
        }
        printf 'Resources: %s.', join(', ', map {
                say '</p>';
        }
        printf 'Resources: %s.', join(', ', map {

-               sprintf '<a href="%s">%s</a>', EscapeHTML($_->{url}), $_->{title}
+               sprintf '<a href="%s">%s</a>', EscapeHTML($_->{url}), EscapeHTML($_->{title})

        } @$_) for grep { @$_ } $row->{links} // ();
        printf '<br>Parent feature: %s.', join(', ', map {
                sprintf '<a href="%s">%s</a>', EscapeHTML("#$_"), $caniuse->{data}->{$_}->{title}
        } @$_) for grep { @$_ } $row->{links} // ();
        printf '<br>Parent feature: %s.', join(', ', map {
                sprintf '<a href="%s">%s</a>', EscapeHTML("#$_"), $caniuse->{data}->{$_}->{title}