mirrors/nadeko_invidious
1
0
Fork 0
mirror of https://git.nadeko.net/Fijxu/invidious.git synced 2026-01-07 15:31:34 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Fix XSS in title and input bar

Browse Source
This commit is contained in:
Omar Roth
2018-11-08 17:27:21 -06:00
parent 1ea563f4f1
commit 28f564ee4c
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/invidious/views/template.ecr
View File

@@ -35,7 +35,7 @@
<div class="pure-u-1 pure-u-md-12-24 searchbar">
<form class="pure-form" action="/search" method="get">
<fieldset>
<input type="search" style="width:100%;" name="q" placeholder="search" value="<%= env.params.query["q"]?.try {|x| HTML.escape(x)} || env.get?("search").try {|x| HTML.escape(x.as(String)) } %>">
<input type="search" style="width:100%;" name="q" placeholder="search" value="<%= env.get?("search").try {|x| HTML.escape(x.as(String)) } || env.params.query["q"]?.try {|x| HTML.escape(x)} %>">
</fieldset>
</form>
</div>