mirror of
https://github.com/wallabag/wallabag.git
synced 2024-11-28 12:01:13 +00:00
views: escape piwik host and siteId to prevent XSS
Fixes CVE-2018-11352 Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
This commit is contained in:
parent
8013f35d96
commit
66697b29b9
1 changed files with 1 additions and 1 deletions
|
@ -69,7 +69,7 @@
|
|||
{% block footer %}{% endblock %}
|
||||
|
||||
{% if craue_setting('piwik_enabled') %}
|
||||
{{ piwik(craue_setting('piwik_host'), craue_setting('piwik_site_id')) }}
|
||||
{{ piwik(craue_setting('piwik_host')|e('html_attr'), craue_setting('piwik_site_id')|e('html_attr')) }}
|
||||
{% endif %}
|
||||
</body>
|
||||
</html>
|
||||
|
|
Loading…
Reference in a new issue