From ecd241e142c5662af50ad98efa54f07ac2443218 Mon Sep 17 00:00:00 2001
From: "W. Trevor King" <wking@tremily.us>
Date: Wed, 17 Oct 2012 18:41:59 -0400
Subject: [PATCH] gallery.py: escape XML chars (<, &, and >) in caption
 paragraphs.

---
 posts/gallery/gallery.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/posts/gallery/gallery.py b/posts/gallery/gallery.py
index 806af0e..8c7da07 100755
--- a/posts/gallery/gallery.py
+++ b/posts/gallery/gallery.py
@@ -52,6 +52,7 @@ import os.path as _os_path
 import random as _random
 import re as _re
 import subprocess as _subprocess
+import xml.sax.saxutils as _xml_sax_saxutils
 
 
 __version__ = '0.5'
@@ -426,6 +427,7 @@ class CGIGalleryServer (object):
         else:
             content.append(img)
         if caption:
+            caption = _xml_sax_saxutils.escape(caption)
             content.append('<p>{}</p>'.format(caption))
         return content
 
-- 
2.26.2