Also, apply HTML-encoding as necessary, because I'd failed to do that.
sub scale ($$) {
my ($me, $scale) = @_;
sub scale ($$) {
my ($me, $scale) = @_;
+ my $m = HTML::Mason::Request->instance;
my $path = $me->{path};
my $sz = $SIZE{$scale} or die "unknown scale `$scale'";
my $thumb = "$CACHE/scale.$sz/$path";
my $path = $me->{path};
my $sz = $SIZE{$scale} or die "unknown scale `$scale'";
my $thumb = "$CACHE/scale.$sz/$path";
- my $thumburl = "$CACHEURL/scale.$sz/$path";
+ my $thumburl =
+ $m->interp->apply_escapes("$CACHEURL/scale.$sz/$path", "u");
my $st = stat $thumb;
if (defined $st && $st->mtime > $me->{mtime}) { return $thumburl; }
my $st = stat $thumb;
if (defined $st && $st->mtime > $me->{mtime}) { return $thumburl; }
% else { $tn = "$STATICURL/folder.svg"; }
% if ($focus) {
<figure class="thumb focusthumb <% $size %>">
% else { $tn = "$STATICURL/folder.svg"; }
% if ($focus) {
<figure class="thumb focusthumb <% $size %>">
- <img class="thumb <% $size %>" load=lazy src="<% $tn |u %>">
+ <img class="thumb <% $size %>" load=lazy src="<% $tn |h %>">
<figcaption><span class=name><% $caption %></span></figcaption>
% } else {
<figure class="thumb <% $size %>">
<a class=thumb href="<% $target |u %>">
<figcaption><span class=name><% $caption %></span></figcaption>
% } else {
<figure class="thumb <% $size %>">
<a class=thumb href="<% $target |u %>">
- <img class="thumb <% $size %>" load=lazy src="<% $tn |u %>">
+ <img class="thumb <% $size %>" load=lazy src="<% $tn |h %>">
<figcaption>
<span class=name><% $caption %></span>
% if (defined $comment) {
<figcaption>
<span class=name><% $caption %></span>
% if (defined $comment) {