escaping in legacy macros
git-svn-id: https://svn.apache.org/repos/asf/roller/branches/roller_2.3@528644 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/web/WEB-INF/classes/comments.vm b/web/WEB-INF/classes/comments.vm
index 616c3d9..f4b9028 100644
--- a/web/WEB-INF/classes/comments.vm
+++ b/web/WEB-INF/classes/comments.vm
@@ -128,9 +128,11 @@
#set($content = $utilities.encodeEmail($comment.content))
#if($escapeHtml)
#set($content = $utilities.escapeHTML($content))
+ #else
+ #set($content = $utilities.transformToHTMLSubset($utilities.escapeHTML($content)))
#end
#if($autoformat)
- #set($content = $stringUtils.replace($content,"\n","<br />"))
+ #set($content = $utilities.autoformat($content))
#end
#set($content = $utilities.addNofollow($content))
<div class="comment" style="border: 1px solid #dadada; padding-left: 3px; padding-right: 5px;" >
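Review bot: In the new `#else` branch the comment body is only as safe as the tag allowlist that `$utilities.transformToHTMLSubset` restores after `escapeHTML`, and nothing in this hunk shows what that helper lets back through. Because `$comment.content` is presumably visitor-supplied, confirm with a unit test that the helper does not re-enable event-handler attributes or non-http link schemes on the tags it restores. A short Velocity comment above the branch would record the intent, e.g. `## escapeHtml off: escape everything, then re-enable only the allowed tag subset`. The same check applies to `$utilities.autoformat` and `$utilities.addNofollow`, which run on the already-escaped text and presumably add markup of their own. The enclosing macro starts and ends outside this hunk.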