Fixed possible JS injection via the title edition

author: Nicolas Lœuillet <nicolas@loeuillet.org> 2017-01-17 10:09:04 +0100
committer: Nicolas Lœuillet <nicolas@loeuillet.org> 2017-01-17 10:09:04 +0100
commit: 3d9950792c0aef20643ce1c5f81670e1f7194af9 (patch)
tree: 0eb9a92112c2e5913015abf01ff4e0b9e14c6d85 /src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig
parent: 96e2827605ab459bfc61ff96438eab8285d2a0c7 (diff)
download: wallabag-3d9950792c0aef20643ce1c5f81670e1f7194af9.tar.gz
wallabag-3d9950792c0aef20643ce1c5f81670e1f7194af9.tar.zst
wallabag-3d9950792c0aef20643ce1c5f81670e1f7194af9.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig
index b0e3c06d..d23be4d0 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig
@@ -13,8 +13,8 @@
            <i class="grey-text text-darken-4 activator material-icons right">more_vert</i>
            <span class="card-title dot-ellipsis dot-resize-update">
-                <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | raw | striptags }}">
+                <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | e | raw | striptags }}">
-                    {{ entry.title| striptags | truncate(80, true, '…') | raw }}
+                    {{ entry.title | e | striptags | truncate(80, true, '…') | raw }}
                </a>
            </span>
@@ -29,8 +29,8 @@
    <div class="card-reveal">
        <i class="card-title activator grey-text text-darken-4 material-icons right">clear</i>
        <span class="card-title">
-            <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | raw | striptags }}">
+            <a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title | e | raw | striptags }}">
-                {{ entry.title | raw | striptags | truncate(80, true, '…') }}
+                {{ entry.title | e | raw | striptags | truncate(80, true, '…') }}
            </a>
        </span>
author	Nicolas Lœuillet <nicolas@loeuillet.org>	2017-01-17 10:09:04 +0100
committer	Nicolas Lœuillet <nicolas@loeuillet.org>	2017-01-17 10:09:04 +0100
commit	3d9950792c0aef20643ce1c5f81670e1f7194af9 (patch)
tree	0eb9a92112c2e5913015abf01ff4e0b9e14c6d85 /src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig
parent	96e2827605ab459bfc61ff96438eab8285d2a0c7 (diff)
download	wallabag-3d9950792c0aef20643ce1c5f81670e1f7194af9.tar.gz wallabag-3d9950792c0aef20643ce1c5f81670e1f7194af9.tar.zst wallabag-3d9950792c0aef20643ce1c5f81670e1f7194af9.zip

diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig index b0e3c06d..d23be4d0 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/_card_preview.html.twig
@@ -13,8 +13,8 @@
13	<i class="grey-text text-darken-4 activator material-icons right">more_vert</i>	13	<i class="grey-text text-darken-4 activator material-icons right">more_vert</i>
14		14
15	<span class="card-title dot-ellipsis dot-resize-update">	15	<span class="card-title dot-ellipsis dot-resize-update">
16	<a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title \| raw \| striptags }}">	16	<a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title \| e \| raw \| striptags }}">
17	{{ entry.title\| striptags \| truncate(80, true, '…') \| raw }}	17	{{ entry.title \| e \| striptags \| truncate(80, true, '…') \| raw }}
18	</a>	18	</a>
19	</span>	19	</span>
20		20
@@ -29,8 +29,8 @@
29	<div class="card-reveal">	29	<div class="card-reveal">
30	<i class="card-title activator grey-text text-darken-4 material-icons right">clear</i>	30	<i class="card-title activator grey-text text-darken-4 material-icons right">clear</i>
31	<span class="card-title">	31	<span class="card-title">
32	<a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title \| raw \| striptags }}">	32	<a href="{{ path('view', { 'id': entry.id }) }}" title="{{ entry.title \| e \| raw \| striptags }}">
33	{{ entry.title \| raw \| striptags \| truncate(80, true, '…') }}	33	{{ entry.title \| e \| raw \| striptags \| truncate(80, true, '…') }}
34	</a>	34	</a>
35	</span>	35	</span>
36		36