mirror of
https://github.com/wallabag/wallabag.git
synced 2024-11-28 12:01:13 +00:00
views: escape piwik host and siteId to prevent XSS
Fixes CVE-2018-11352 Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
This commit is contained in:
parent
8013f35d96
commit
66697b29b9
1 changed files with 1 additions and 1 deletions
|
@ -69,7 +69,7 @@
|
||||||
{% block footer %}{% endblock %}
|
{% block footer %}{% endblock %}
|
||||||
|
|
||||||
{% if craue_setting('piwik_enabled') %}
|
{% if craue_setting('piwik_enabled') %}
|
||||||
{{ piwik(craue_setting('piwik_host'), craue_setting('piwik_site_id')) }}
|
{{ piwik(craue_setting('piwik_host')|e('html_attr'), craue_setting('piwik_site_id')|e('html_attr')) }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
Loading…
Reference in a new issue