Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue]

2016-11-26 22:55:31 +08:00
parent b43e63dd21
commit 9d4ede4cff
8 changed files with 15 additions and 24 deletions
--- a/public/views/ga.ejs
+++ b/public/views/ga.ejs
@@ -12,7 +12,7 @@
    m.parentNode.insertBefore(a, m)
 })(window, document, 'script', '//www.google-analytics.com/analytics.js', 'ga');

-ga('create', '<%- GA %>', 'auto');
+ga('create', '<%= GA %>', 'auto');
 ga('send', 'pageview');
 </script>
 <% } %>