Commit 606345b0f for imagemagick.org

commit 606345b0fbe5b71e4675c7dd5a885bb94b9c800a
Author: Cristy <urban-warrior@imagemagick.org>
Date:   Sat Jun 13 19:41:48 2026 -0400

    https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hc76-7mpc-qjqh

diff --git a/coders/html.c b/coders/html.c
index 125796d73..4a19a8459 100644
--- a/coders/html.c
+++ b/coders/html.c
@@ -441,16 +441,18 @@ static MagickBooleanType WriteHTMLImage(const ImageInfo *image_info,
   /*
     Write an image map.
   */
-  (void) FormatLocaleString(buffer,MagickPathExtent,
-    "<map id=\"%s\" name=\"%s\">\n",mapname,mapname);
-  (void) WriteBlobString(image,buffer);
-  (void) FormatLocaleString(buffer,MagickPathExtent,"  <area href=\"%s",url);
-  (void) WriteBlobString(image,buffer);
+  (void) WriteHtmlEncodedString(image,mapname);
+  (void) WriteBlobString(image,"\" name=\"");
+  (void) WriteHtmlEncodedString(image,mapname);
+  (void) WriteBlobString(image,"\">\n");
+  (void) WriteBlobString(image,"  <area href=\"");
+  (void) WriteHtmlEncodedString(image,url);
   if (image->directory == (char *) NULL)
     {
+      (void) WriteHtmlEncodedString(image,image->filename);
       (void) FormatLocaleString(buffer,MagickPathExtent,
-        "%s\" shape=\"rect\" coords=\"0,0,%.20g,%.20g\" alt=\"\" />\n",
-        image->filename,(double) geometry.width-1,(double) geometry.height-1);
+        "\" shape=\"rect\" coords=\"0,0,%.20g,%.20g\" alt=\"\" />\n",
+        (double) geometry.width-1,(double) geometry.height-1);
       (void) WriteBlobString(image,buffer);
     }
   else