Scrub all atom output with common_xml_safe_str()

2 files changed, 12 insertions, 4 deletions

diff --git a/classes/Notice.php b/classes/Notice.php
index 40a6263e5..a704053a0 100644
--- a/classes/Notice.php
+++ b/classes/Notice.php
@@ -1151,7 +1151,7 @@ class Notice extends Memcached_DataObject
             $xs->elementEnd('source');
         }
 
-        $xs->element('title', null, $this->content);
+        $xs->element('title', null, common_xml_safe_str($this->content));
 
         if ($author) {
             $xs->raw($profile->asAtomAuthor());
@@ -1227,7 +1227,11 @@ class Notice extends Memcached_DataObject
             }
         }
 
-        $xs->element('content', array('type' => 'html'), $this->rendered);
+        $xs->element(
+            'content',
+            array('type' => 'html'),
+            common_xml_safe_str($this->rendered)
+        );
 
         $tag = new Notice_tag();
         $tag->notice_id = $this->id;
diff --git a/classes/User_group.php b/classes/User_group.php
index f29594502..63a407b4c 100644
--- a/classes/User_group.php
+++ b/classes/User_group.php
@@ -379,7 +379,7 @@ class User_group extends Memcached_DataObject
         }
 
         $xs->element('title', null, $this->nickname);
-        $xs->element('summary', null, $this->description);
+        $xs->element('summary', null, common_xml_safe_str($this->description));
 
         $xs->element('link', array('rel' => 'alternate',
                                    'href' => $this->permalink()));
@@ -389,7 +389,11 @@ class User_group extends Memcached_DataObject
         $xs->element('published', null, common_date_w3dtf($this->created));
         $xs->element('updated', null, common_date_w3dtf($this->modified));
 
-        $xs->element('content', array('type' => 'html'), $this->description);
+        $xs->element(
+            'content',
+            array('type' => 'html'),
+            common_xml_safe_str($this->description)
+        );
 
         $xs->elementEnd('entry');