$sig =~ s/\n/<br>\n/g;
if ($qu && $qm == 0) {
# Quoted HTML as cite
- $quote = "$writer\n".
+ $quote = &html_escape($writer)."\n".
"<blockquote type=cite>\n".
&safe_html($htmlbody->{'data'}).
"</blockquote>".$sig."<br>\n";
elsif ($qu && $qm == 1) {
# Quoted HTML below line
$quote = "<br>$sig<hr>".
- "$writer<br>\n".
+ &html_escape($writer)."<br>\n".
&safe_html($htmlbody->{'data'});
}
else {
$pd =~ s/\s+$//g;
if ($qu && $qm == 0) {
# Quoted plain text as HTML as cite
- $quote = "$writer\n".
+ $quote = &html_escape($writer)."\n".
"<blockquote type=cite>\n".
"<pre>$pd</pre>".
"</blockquote>".$sig."<br>\n";
elsif ($qu && $qm == 1) {
# Quoted plain text as HTML below line
$quote = "<br>$sig<hr>".
- "$writer<br>\n".
+ &html_escape($writer)."<br>\n".
"<pre>$pd</pre><br>\n";
}
else {