web/notify.moe
Code Issues Pull Requests Activity

Sanitize title input for activities

Browse Source
This commit is contained in:
Eduard Urbach 2018-11-05 12:55:12 +09:00
parent 1ffa6c3461
commit e21e3498f7
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pages/activity/activity.pixy
View File

@ -13,4 +13,4 @@ component ActivityPost(post *arn.Post, user *arn.User)
//- span commented on //- span commented on
//- a(href=post.Parent().Link())= post.Parent().TitleByUser(user) //- a(href=post.Parent().Link())= post.Parent().TitleByUser(user)
Postable(post, user, fmt.Sprintf(`<p class="activity-header"><a href="%s">%s</a></p>`, post.Parent().Link(), post.Parent().TitleByUser(user)), "") Postable(post, user, fmt.Sprintf(`<p class="activity-header"><a href="%s">%s</a></p>`, post.Parent().Link(), html.EscapeString(post.Parent().TitleByUser(user))), "")