From 09d00026228dd8af412127735a93cd281820324f Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Mon, 2 Feb 2015 14:02:42 +0100
Subject: [PATCH] Sanitize exported file properly

---
 controller/rest/bookmarkcontroller.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/controller/rest/bookmarkcontroller.php b/controller/rest/bookmarkcontroller.php
index 557a0bfa..cfc154b5 100644
--- a/controller/rest/bookmarkcontroller.php
+++ b/controller/rest/bookmarkcontroller.php
@@ -241,7 +241,7 @@ EOT;
 				$url_parts = parse_url($bm['url']);
 				$title = isset($url_parts['host']) ? OCA\Bookmarks\Controller\Lib\Helper::getDomainWithoutExt($url_parts['host']) : $bm['url'];
 			}
-			$file .= '<DT><A HREF="' . $bm['url'] . '" TAGS="' . implode(',', $bm['tags']) . '">';
+			$file .= '<DT><A HREF="' . \OC_Util::sanitizeHTML($bm['url']) . '" TAGS="' . implode(',', \OC_Util::sanitizeHTML($bm['tags'])) . '">';
 			$file .= htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</A>';
 			if ($bm['description'])
 				$file .= '<DD>' . htmlspecialchars($bm['description'], ENT_QUOTES, 'UTF-8');