Merge pull request #2758 from wallabag/fix-public-sharing

Fixed possible JS injection via the title edition
author: Nicolas Lœuillet <nicolas@loeuillet.org> 2017-01-17 11:59:14 +0100
committer: GitHub <noreply@github.com> 2017-01-17 11:59:14 +0100
commit: 9123cb3053a1e5e8730e44a2723cd61bb9b08512 (patch)
tree: 0eb9a92112c2e5913015abf01ff4e0b9e14c6d85 /src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig
parent: 96e2827605ab459bfc61ff96438eab8285d2a0c7 (diff)
parent: 3d9950792c0aef20643ce1c5f81670e1f7194af9 (diff)
download: wallabag-9123cb3053a1e5e8730e44a2723cd61bb9b08512.tar.gz
wallabag-9123cb3053a1e5e8730e44a2723cd61bb9b08512.tar.zst
wallabag-9123cb3053a1e5e8730e44a2723cd61bb9b08512.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig
index c615a907..b445f7d5 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig
@@ -1,6 +1,6 @@
 {% extends "WallabagCoreBundle::layout.html.twig" %}
-{% block title %}{{ entry.title|raw }} ({{ entry.domainName|removeWww }}){% endblock %}
+{% block title %}{{ entry.title|e|raw }} ({{ entry.domainName|removeWww }}){% endblock %}
 {% block body_class %}entry{% endblock %}
@@ -209,7 +209,7 @@
 {% block content %}
    <div id="article">
        <header class="mbm">
-            <h1>{{ entry.title|raw }} <a href="{{ path('edit', { 'id': entry.id }) }}" title="{{ 'entry.view.edit_title'|trans }}">✎</a></h1>
+            <h1>{{ entry.title|e|raw }} <a href="{{ path('edit', { 'id': entry.id }) }}" title="{{ 'entry.view.edit_title'|trans }}">✎</a></h1>
        </header>
        <aside>
            <ul class="tools">
author	Nicolas Lœuillet <nicolas@loeuillet.org>	2017-01-17 11:59:14 +0100
committer	GitHub <noreply@github.com>	2017-01-17 11:59:14 +0100
commit	9123cb3053a1e5e8730e44a2723cd61bb9b08512 (patch)
tree	0eb9a92112c2e5913015abf01ff4e0b9e14c6d85 /src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig
parent	96e2827605ab459bfc61ff96438eab8285d2a0c7 (diff)
parent	3d9950792c0aef20643ce1c5f81670e1f7194af9 (diff)
download	wallabag-9123cb3053a1e5e8730e44a2723cd61bb9b08512.tar.gz wallabag-9123cb3053a1e5e8730e44a2723cd61bb9b08512.tar.zst wallabag-9123cb3053a1e5e8730e44a2723cd61bb9b08512.zip

diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig index c615a907..b445f7d5 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Entry/entry.html.twig
@@ -1,6 +1,6 @@
1	{% extends "WallabagCoreBundle::layout.html.twig" %}	1	{% extends "WallabagCoreBundle::layout.html.twig" %}
2		2
3	{% block title %}{{ entry.title\|raw }} ({{ entry.domainName\|removeWww }}){% endblock %}	3	{% block title %}{{ entry.title\|e\|raw }} ({{ entry.domainName\|removeWww }}){% endblock %}
4		4
5	{% block body_class %}entry{% endblock %}	5	{% block body_class %}entry{% endblock %}
6		6
@@ -209,7 +209,7 @@
209	{% block content %}	209	{% block content %}
210	<div id="article">	210	<div id="article">
211	<header class="mbm">	211	<header class="mbm">
212	<h1>{{ entry.title\|raw }} <a href="{{ path('edit', { 'id': entry.id }) }}" title="{{ 'entry.view.edit_title'\|trans }}">✎</a></h1>	212	<h1>{{ entry.title\|e\|raw }} <a href="{{ path('edit', { 'id': entry.id }) }}" title="{{ 'entry.view.edit_title'\|trans }}">✎</a></h1>
213	</header>	213	</header>
214	<aside>	214	<aside>
215	<ul class="tools">	215	<ul class="tools">