Index: advanced_help.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/advanced_help/advanced_help.module,v
retrieving revision 1.41
diff -u -p -r1.41 advanced_help.module
--- advanced_help.module 28 Oct 2008 17:33:47 -0000 1.41
+++ advanced_help.module 25 Aug 2010 12:40:49 -0000
@@ -524,8 +524,12 @@ function advanced_help_view_topic($modul
 $info = advanced_help_get_topic($module, $topic);
 $file = "./$file_info[path]/$file_info[file]";

- // @todo is this trusted output?
 $output = file_get_contents($file);
+ if (isset($info['readme file']) && $info['readme file']) {
+ // This is plain text: filter it accordingly
+ $output = check_plain($output);
+ }
+
 // Make some exchanges. The strtr is because url() translates $ into %24
 // but we need to change it back for the regex replacement.

@@ -717,6 +721,7 @@ function _advanced_help_parse_ini() {
 'line break' => isset($topic['line break']) ? $topic['line break'] : (isset($cache['settings'][$module]['line break']) ? $cache['settings'][$module]['line break'] : FALSE),
 'navigation' => isset($topic['navigation']) ? $topic['navigation'] : (isset($cache['settings'][$module]['navigation']) ? $cache['settings'][$module]['navigation'] : TRUE),
 'css' => isset($topic['css']) ? $topic['css'] : (isset($cache['settings'][$module]['css']) ? $cache['settings'][$module]['css'] : NULL),
+ 'readme file' => isset($topic['readme file']) ? $topic['readme file'] : FALSE,
 );
 }
 }
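Review bot: Escaping in the first hunk (advanced_help_view_topic) is opt-in: only topics whose `readme file` flag is truthy pass through `check_plain()`, and every other file read by `file_get_contents($file)` is still emitted as raw HTML. The commit deletes `// @todo is this trusted output?` without recording the answer, so I would replace it with `// Help files ship with the module and are trusted as HTML; only 'readme file' topics are plain text and are escaped.` (assuming that is the intended trust model). Note also that `check_plain()` returns an empty string for input that is not valid UTF-8, so a README saved in another encoding would render blank; a short comment or a fallback message would make that failure visible. The function body starts and ends outside this hunk.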
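Review bot: In the second hunk (_advanced_help_parse_ini) the new `'readme file'` entry is the only setting shown that skips the `$cache['settings'][$module]` fallback its neighbours `line break`, `navigation` and `css` use, so a module cannot mark all of its topics as plain text at once and each topic has to opt in. Since this flag alone decides whether the topic file is escaped on output, the unescaped default deserves a comment, for example `// Per-topic only: when TRUE the file is plain text and is escaped on output; the default leaves it as HTML.` If a module-wide default is wanted, the pattern on the three lines above applies unchanged. The function begins and ends outside this hunk.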