/xss.diff Secret

Created February 9, 2016 15:45
diff --git a/lib/Mojo/DOM/HTML.pm b/lib/Mojo/DOM/HTML.pm
index cb55275..7fddb0c 100644
--- a/lib/Mojo/DOM/HTML.pm
+++ b/lib/Mojo/DOM/HTML.pm
@@ -1,7 +1,7 @@
package Mojo::DOM::HTML;
use Mojo::Base -base;
-use Mojo::Util qw(html_unescape xml_escape);
+use Mojo::Util qw(html_unescape xss_escape);
use Scalar::Util 'weaken';
has tree => sub { ['root'] };
@@ -195,7 +195,7 @@ sub _render {
# Text (escaped)
my $type = $tree->[0];
- return xml_escape $tree->[1] if $type eq 'text';
+ return xss_escape $tree->[1] if $type eq 'text';
# Raw text
return $tree->[1] if $type eq 'raw';
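Review bot: The comment `# Text (escaped)` above the changed line is now inaccurate, because xss_escape returns a Mojo::ByteStream argument untouched (see the Mojo::Util hunk), so a 'text' node whose payload is such an object is emitted raw exactly like a 'raw' node. Since the escaping decision now depends on the type of the value rather than on the node type, that should be stated where the render happens, e.g. `# Text (escaped unless it is a Mojo::ByteStream, which is emitted as-is)`. The same substitution appears in the attribute loop of the next hunk and deserves the same comment. Whether any caller actually stores a ByteStream in the tree is not visible here; _render starts and ends outside this hunk.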
@@ -224,7 +224,7 @@ sub _render {
for my $key (sort keys %{$tree->[2]}) {
my $value = $tree->[2]{$key};
$result .= $xml ? qq{ $key="$key"} : " $key" and next unless defined $value;
- $result .= qq{ $key="} . xml_escape($value) . '"';
+ $result .= qq{ $key="} . xss_escape($value) . '"';
}
# No children
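Review bot: The attribute branch wraps the result of xss_escape in double quotes on the changed line, `qq{ $key="} . xss_escape($value) . '"'`, but for a Mojo::ByteStream value xss_escape performs no escaping at all, so the value is relied upon to contain no `"` to keep the attribute well-formed — a stronger requirement than in text content, where unescaped output only has to be valid markup. That contract is worth recording at the call site, e.g. `# A Mojo::ByteStream value is emitted unescaped; it must already be safe inside double quotes`. Whether attribute values in $tree->[2] can ever be objects depends on code outside this hunk; _render continues past it.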
diff --git a/lib/Mojo/Util.pm b/lib/Mojo/Util.pm
index 3519705..6d2657e 100644
--- a/lib/Mojo/Util.pm
+++ b/lib/Mojo/Util.pm
@@ -342,7 +342,7 @@ sub xor_encode {
sub xss_escape {
no warnings 'uninitialized';
- ref $_[0] eq 'Mojo::ByteStream' ? $_[0] : xml_escape("$_[0]");
+ length(ref $_[0]) && ref $_[0] eq 'Mojo::ByteStream' ? $_[0] : xml_escape("$_[0]");
}
sub _adapt {
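Review bot: The added `length(ref $_[0]) &&` guard on the changed line does not alter the result: `ref` returns the empty string for a non-reference, and `'' eq 'Mojo::ByteStream'` is already false, so the conditional picks the same branch as before for every input; if the purpose was to silence an uninitialized warning, `no warnings 'uninitialized'` on the preceding line already covers it. A reader of this one-line function also has to know that an exact class comparison is intended, meaning subclasses of Mojo::ByteStream are still escaped (the conservative direction), so a short comment such as `# Only an exact Mojo::ByteStream is trusted as pre-escaped; anything else is stringified and escaped` would make the trust decision explicit. sub _adapt on the hunk's last line continues outside it.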