generate_syndicated_feed: sanitize content excerpt

classes/handler/public.php

@@ -128,7 +128,7 @@ class Handler_Public extends Handler {
 			$tpl->setVariable('SELF_URL', htmlspecialchars(get_self_url_prefix()), true);
 			while ($line = $this->dbh->fetch_assoc($result)) {
 
-				$line["content_preview"] = truncate_string(strip_tags($line["content"]), 100, '...');
+				$line["content_preview"] = sanitize(truncate_string(strip_tags($line["content"]), 100, '...'));
 
 				foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
 					$line = $p->hook_query_headlines($line);
@@ -220,7 +220,7 @@ class Handler_Public extends Handler {
 
 			while ($line = $this->dbh->fetch_assoc($result)) {
 
-				$line["content_preview"] = truncate_string(strip_tags($line["content_preview"]), 100, '...');
+				$line["content_preview"] = sanitize(truncate_string(strip_tags($line["content_preview"]), 100, '...'));
 
 				foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
 					$line = $p->hook_query_headlines($line, 100);