From a087410177c0a90cf422cb61ee302a6de2e483ee Mon Sep 17 00:00:00 2001
From: Maurice Parker <mo@vincode.io>
Date: Fri, 7 Jun 2019 15:53:13 -0500
Subject: [PATCH] escape title HTML in web view.  Issue #722

---
 Shared/Article Rendering/ArticleRenderer.swift | 5 +++--
 submodules/RSWeb                               | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/Shared/Article Rendering/ArticleRenderer.swift b/Shared/Article Rendering/ArticleRenderer.swift
index 7643b1091..c37b49793 100644
--- a/Shared/Article Rendering/ArticleRenderer.swift	
+++ b/Shared/Article Rendering/ArticleRenderer.swift	
@@ -86,10 +86,11 @@ private extension ArticleRenderer {
 	}
 
 	func titleOrTitleLink() -> String {
+		let escapedTitle = title.escapeHTML()
 		if let link = article?.preferredLink {
-			return title.htmlByAddingLink(link)
+			return escapedTitle.htmlByAddingLink(link)
 		}
-		return title
+		return escapedTitle
 	}
 
 	func substitutions() -> [String: String] {
diff --git a/submodules/RSWeb b/submodules/RSWeb
index 59685e506..f6bfc2bc7 160000
--- a/submodules/RSWeb
+++ b/submodules/RSWeb
@@ -1 +1 @@
-Subproject commit 59685e50640cd4629294bf2c0d63193ffa4ccc74
+Subproject commit f6bfc2bc74923d800c1e8c8e997009c81aec8f20