Only in Mojolicious-0.999925.xss: Changes.orig Only in Mojolicious-0.999925.xss: Changes.rej diff -ur Mojolicious-0.999925/lib/Mojolicious/Plugin/TagHelpers.pm Mojolicious-0.999925.xss/lib/Mojolicious/Plugin/TagHelpers.pm --- Mojolicious-0.999925/lib/Mojolicious/Plugin/TagHelpers.pm 2010-05-25 19:21:45.000000000 +0300 +++ Mojolicious-0.999925.xss/lib/Mojolicious/Plugin/TagHelpers.pm 2011-05-03 20:18:35.768803106 +0300 @@ -73,7 +73,7 @@ my $captures = ref $_[0] eq 'HASH' ? shift : {}; # Default content - push @_, sub { ucfirst $name } + push @_, sub { $name = Mojo::ByteStream->new($name)->xml_escape->to_string; ucfirst $name } unless defined $_[-1] && ref $_[-1] eq 'CODE'; $self->_tag('a', href => $c->url_for($name, $captures), @_);