diff --git a/lib/rss.js b/lib/rss.js
index d117d49f..ae1e3b26 100644
--- a/lib/rss.js
+++ b/lib/rss.js
@@ -1,12 +1,24 @@
const SITE_URL = 'https://stacker.news'
const SITE_TITLE = 'Stacker News'
-const SITE_SUBTITLE = 'Like Hacker News, but with sats'
+const SITE_SUBTITLE = 'Like Hacker News, but we pay you Bitcoin.'
+
+function escapeXml (unsafe) {
+ return unsafe.replace(/[<>&'"]/g, function (c) {
+ switch (c) {
+ case '<': return '<'
+ case '>': return '>'
+ case '&': return '&'
+ case '\'': return '''
+ case '"': return '"'
+ }
+ })
+}
const generateRssItem = (item) => {
return `
-
${SITE_URL}/items/${item.id}
- ${item.title}
+ ${escapeXml(item.title)}
${SITE_URL}/items/${item.id}
${new Date(item.createdAt).toUTCString()}
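Review bot: `escapeXml` calls `unsafe.replace` directly, so a null, undefined or non-string `item.title` throws a TypeError and takes down the whole feed rather than one entry; coercing first, as in `return String(unsafe ?? '').replace(/[<>&'"]/g, function (c) {`, avoids that. The five `case` returns show on this page as the raw characters (`return '<'`, `return '''`), which is most likely the page rendering decoding the entities, but confirm the committed file returns `&lt;`, `&gt;`, `&amp;`, `&apos;` and `&quot;`, because otherwise the function is a no-op and user-supplied titles reach the feed unescaped. Characters that are not legal in XML 1.0 (most C0 control characters) still pass through and would make the feed ill-formed for strict parsers, so stripping them before the replace is worth adding. `generateRssItem` continues past the end of this hunk, so the remaining interpolated fields are not reviewed here.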
@@ -16,14 +28,14 @@ const generateRssItem = (item) => {
export default function generateRssFeed (items) {
const itemsList = items.map(generateRssItem)
return `
-
+
${SITE_TITLE}
${SITE_URL}
${SITE_SUBTITLE}
en
${new Date().toUTCString()}
-
+ ${SITE_URL}
${itemsList.join('')}