author | Nicolas LÅ“uillet <nicolas@loeuillet.org> | 2017-01-17 10:09:04 +0100 |
---|---|---|
committer | Nicolas LÅ“uillet <nicolas@loeuillet.org> | 2017-01-17 10:09:04 +0100 |
commit | 3d9950792c0aef20643ce1c5f81670e1f7194af9 (patch) | |
tree | 0eb9a92112c2e5913015abf01ff4e0b9e14c6d85 /src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entries.html.twig | |
parent | 96e2827605ab459bfc61ff96438eab8285d2a0c7 (diff) | |
Fixed possible JS injection via the title edition
Diffstat (limited to 'src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entries.html.twig')
-rw-r--r-- | src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entries.html.twig | 4 |
1 files changed, 2 insertions, 2 deletions
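--- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entries.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Entry/entries.html.twig
@@ -23,7 +23,7 @@
 
 {% for entry in entries %}
 <div id="entry-{{ entry.id|e }}" class="entry">
-<h2><a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title|raw }}">{{ entry.title|raw }}</a></h2>
+<h2><a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title|e|raw }}">{{ entry.title|e|raw }}</a></h2>
 
 {% set readingTime = entry.readingTime / app.user.config.readingSpeed %}
 <div class="estimatedTime">
@@ -60,7 +60,7 @@
 <li><a href="{{ path('tag_entries', {'slug': tag.slug}) }}">{{ tag.label }}</a></li>
 {% endfor %}
 </ul>
-<img class="preview" src="{{ entry.previewPicture }}" alt="{{ entry.title|raw }}" />
+<img class="preview" src="{{ entry.previewPicture }}" alt="{{ entry.title|e|raw }}" />
 {% endif %}
 </div>
 {% endfor %}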
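Review bot: The trailing `|raw` in `{{ entry.title|e|raw }}` (new lines 26 and 63) adds nothing after `|e`, because Twig's `escape` filter already marks its output as safe, and it leaves a pattern where dropping `|e` in a later edit silently brings back unescaped output. I would write `{{ entry.title|e }}` for the link text and `{{ entry.title|e('html_attr') }}` inside the `title="…"` and `alt="…"` attributes. If titles are stored with HTML entities already encoded (which may be why `|raw` was there originally), the escaped form will display them literally, so it is worth checking with a title that contains `&amp;`. The diffstat on this page is limited to the baggy theme, so whether other templates that print `entry.title` received the same change cannot be told from here.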