From 2f25204be99c18bc426639c399b5a65df61747dd Mon Sep 17 00:00:00 2001
From: HelloZeroNet <hello@noloop.me>
Date: Thu, 18 Feb 2016 19:44:52 +0100
Subject: [PATCH] Rev905, Escape title and query string

---
 src/Config.py       | 2 +-
 src/Ui/UiRequest.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Config.py b/src/Config.py
index 8832f1a2..f6414e14 100644
--- a/src/Config.py
+++ b/src/Config.py
@@ -8,7 +8,7 @@ class Config(object):
 
     def __init__(self, argv):
         self.version = "0.3.6"
-        self.rev = 903
+        self.rev = 905
         self.argv = argv
         self.action = None
         self.config_file = "zeronet.conf"
diff --git a/src/Ui/UiRequest.py b/src/Ui/UiRequest.py
index 915fc9f8..1348eac3 100644
--- a/src/Ui/UiRequest.py
+++ b/src/Ui/UiRequest.py
@@ -274,10 +274,10 @@ class UiRequest(object):
             file_url=file_url,
             file_inner_path=file_inner_path,
             address=site.address,
-            title=title,
+            title=cgi.escape(title, True),
             body_style=body_style,
             meta_tags=meta_tags,
-            query_string=query_string,
+            query_string=re.escape(query_string),
             wrapper_key=site.settings["wrapper_key"],
             wrapper_nonce=wrapper_nonce,
             postmessage_nonce_security=postmessage_nonce_security,