sa6anw/hedgedoc-hedgeagent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue]

Browse Source
This commit is contained in:
Wu Cheng-Han
2016-11-26 22:55:31 +08:00
parent b43e63dd21
commit 9d4ede4cff
8 changed files with 15 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
public/views/head.ejs
View File

@@ -4,7 +4,7 @@
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black">
<meta name="mobile-web-app-capable" content="yes">
<title><%- title %></title>
<title><%= title %></title>
<link rel="icon" type="image/png" href="<%- url %>/favicon.png">
<link rel="apple-touch-icon" href="<%- url %>/apple-touch-icon.png">
<% if(useCDN) { %>