diff options
| author | r <r@freesoftwareextremist.com> | 2020-05-29 10:41:59 +0000 |
|---|---|---|
| committer | r <r@freesoftwareextremist.com> | 2020-05-29 10:51:41 +0000 |
| commit | 1ae3c33b7df83cec8afdb5f8e3cc46a0919c9ac1 (patch) | |
| tree | 139d14fdf693e7e698f0986777f8721a4b5516ca /templates | |
| parent | 051908cfb7595afe1a775bf7e87d7081548884b0 (diff) | |
| download | bloat-1ae3c33b7df83cec8afdb5f8e3cc46a0919c9ac1.tar.gz bloat-1ae3c33b7df83cec8afdb5f8e3cc46a0919c9ac1.zip | |
HTML Escape search queries
Diffstat (limited to 'templates')
| -rw-r--r-- | templates/search.tmpl | 2 | ||||
| -rw-r--r-- | templates/usersearch.tmpl | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/templates/search.tmpl b/templates/search.tmpl index 560a2c9..11c584a 100644 --- a/templates/search.tmpl +++ b/templates/search.tmpl @@ -5,7 +5,7 @@ <form class="search-form" action="/search" method="GET"> <span class="post-form-field> <label for="query"> Query </label> - <input id="query" name="q" value="{{.Q}}"> + <input id="query" name="q" value="{{.Q | HTMLEscape}}"> </span> <span class="post-form-field> <label for="type"> Type </label> diff --git a/templates/usersearch.tmpl b/templates/usersearch.tmpl index ca99b4c..e5f2bfc 100644 --- a/templates/usersearch.tmpl +++ b/templates/usersearch.tmpl @@ -5,7 +5,7 @@ <form class="search-form" action="/usersearch/{{.User.ID}}" method="GET"> <span class="post-form-field> <label for="query"> Query </label> - <input id="query" name="q" value="{{.Q}}"> + <input id="query" name="q" value="{{.Q | HTMLEscape}}"> </span> <button type="submit"> Search </button> </form> |