diff options
author | Kevin Decherf <kevin@kdecherf.com> | 2018-09-23 22:46:09 +0200 |
---|---|---|
committer | Kevin Decherf <kevin@kdecherf.com> | 2018-09-23 22:46:09 +0200 |
commit | 66697b29b9fce63deccbed391c406c02a2a34dd2 (patch) | |
tree | a88d710e2f6c9825c40260a355ce56a0a54e5c5b | |
parent | 8013f35d96c42b15c1da28cdff40e97289ad4e25 (diff) | |
download | wallabag-66697b29b9fce63deccbed391c406c02a2a34dd2.tar.gz wallabag-66697b29b9fce63deccbed391c406c02a2a34dd2.tar.zst wallabag-66697b29b9fce63deccbed391c406c02a2a34dd2.zip |
views: escape piwik host and siteId to prevent XSScve-2018-11352
Fixes CVE-2018-11352
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
-rw-r--r-- | src/Wallabag/CoreBundle/Resources/views/base.html.twig | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/Wallabag/CoreBundle/Resources/views/base.html.twig b/src/Wallabag/CoreBundle/Resources/views/base.html.twig index 2499bb88..49861946 100644 --- a/src/Wallabag/CoreBundle/Resources/views/base.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/base.html.twig | |||
@@ -69,7 +69,7 @@ | |||
69 | {% block footer %}{% endblock %} | 69 | {% block footer %}{% endblock %} |
70 | 70 | ||
71 | {% if craue_setting('piwik_enabled') %} | 71 | {% if craue_setting('piwik_enabled') %} |
72 | {{ piwik(craue_setting('piwik_host'), craue_setting('piwik_site_id')) }} | 72 | {{ piwik(craue_setting('piwik_host')|e('html_attr'), craue_setting('piwik_site_id')|e('html_attr')) }} |
73 | {% endif %} | 73 | {% endif %} |
74 | </body> | 74 | </body> |
75 | </html> | 75 | </html> |