XSS Security Fix

There  was a XSS vulnerability in the handling of categories. Now they are escaped.

lib/chunks/category.rb

@@ -16,7 +16,7 @@ class Category < Chunk::Abstract
 def initialize(match_data, content)
     super(match_data, content)
     @hidden = match_data[1]
-    @list = match_data[2].split(',').map { |c| c.strip }
+    @list = match_data[2].split(',').map { |c| html_escape(c.strip) }
     @unmask_text = ''
     if @hidden
       @unmask_text = ''

lib/chunks/chunk.rb

@@ -74,6 +74,13 @@ module Chunk
       @content.delete_chunk(self)
     end
 
+    def  html_escape(string)
+      string.gsub( /&/, "&" ).
+             gsub( /</, "&lt;" ).
+             gsub( />/, "&gt;" ).
+             gsub( /"/, "&quot;" )
+    end
+
   end
 
 end