Fixed possible JS injection via the title edition

author: Nicolas Lœuillet <nicolas@loeuillet.org> 2017-01-17 10:09:04 +0100
committer: Nicolas Lœuillet <nicolas@loeuillet.org> 2017-01-17 10:09:04 +0100
commit: 3d9950792c0aef20643ce1c5f81670e1f7194af9 (patch)
tree: 0eb9a92112c2e5913015abf01ff4e0b9e14c6d85 /src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig
parent: 96e2827605ab459bfc61ff96438eab8285d2a0c7 (diff)
download: wallabag-3d9950792c0aef20643ce1c5f81670e1f7194af9.tar.gz
wallabag-3d9950792c0aef20643ce1c5f81670e1f7194af9.tar.zst
wallabag-3d9950792c0aef20643ce1c5f81670e1f7194af9.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig
index 0fdd5996..91a1bac0 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig
@@ -11,8 +11,8 @@
        <div class="card-content">
            <span class="card-title dot-ellipsis dot-resize-update">
-                <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | raw | striptags }}">
+                <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title| e | raw | striptags }}">
-                    {{ entry.title | raw | striptags | truncate(80, true, '…') }}
+                    {{ entry.title | e | raw | striptags | truncate(80, true, '…') }}
                </a>
            </span>
author	Nicolas Lœuillet <nicolas@loeuillet.org>	2017-01-17 10:09:04 +0100
committer	Nicolas Lœuillet <nicolas@loeuillet.org>	2017-01-17 10:09:04 +0100
commit	3d9950792c0aef20643ce1c5f81670e1f7194af9 (patch)
tree	0eb9a92112c2e5913015abf01ff4e0b9e14c6d85 /src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig
parent	96e2827605ab459bfc61ff96438eab8285d2a0c7 (diff)
download	wallabag-3d9950792c0aef20643ce1c5f81670e1f7194af9.tar.gz wallabag-3d9950792c0aef20643ce1c5f81670e1f7194af9.tar.zst wallabag-3d9950792c0aef20643ce1c5f81670e1f7194af9.zip

diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig index 0fdd5996..91a1bac0 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_full_image.html.twig
@@ -11,8 +11,8 @@
11		11
12	<div class="card-content">	12	<div class="card-content">
13	<span class="card-title dot-ellipsis dot-resize-update">	13	<span class="card-title dot-ellipsis dot-resize-update">
14	<a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title \| raw \| striptags }}">	14	<a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title\| e \| raw \| striptags }}">
15	{{ entry.title \| raw \| striptags \| truncate(80, true, '…') }}	15	{{ entry.title \| e \| raw \| striptags \| truncate(80, true, '…') }}
16	</a>	16	</a>
17	</span>	17	</span>
18		18