Fix XSS on username on share page

2024-05-23 11:38:05 +00:00 · 2023-02-07 19:58:06 +01:00 · 2023-02-07 19:58:06 +01:00 · bd4c71682e
parent 784bc1393c
commit bd4c71682e
1 changed files with 1 additions and 1 deletions
--- a/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/share.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/share.html.twig
@ -28,7 +28,7 @@
        <header class="block">
            <h1>{{ entry.title|e|raw }}</h1>
            <a href="{{ entry.url|e }}" target="_blank" rel="noopener" title="{{ 'entry.view.original_article'|trans }} : {{ entry.title|e|raw }}" class="tool">{{ entry.domainName|removeWww }}</a>
-            <p class="shared-by">{{ "entry.public.shared_by_wallabag"|trans({'%wallabag_instance%': url('homepage'), '%username%': entry.user.username})|raw }}.</p>
+            <p class="shared-by">{{ "entry.public.shared_by_wallabag"|trans({'%wallabag_instance%': url('homepage'), '%username%': entry.user.username|escape})|raw }}.</p>
        </header>
        <article class="block">
            {{ entry.content | raw }}