deblan-mirror/Fork-Awesome
1
0
Fork 0
mirror of https://github.com/ForkAwesome/Fork-Awesome synced 2024-05-31 21:02:27 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #10259 from FortAwesome/search-script-injection

Browse source 
Fix script injection by using _.template escaping
This commit is contained in:
Dave Gandy 2016-11-21 11:37:31 -05:00 committed by GitHub
parent 3fbc684636 75cdda9bf7
commit 49100c7c3a
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/icons.html
View file

@ -57,7 +57,7 @@ relative_path: ../
{% include icons/medical.html %}
</div>
<script type="text/template" id="results-template">
<h2 class="page-header">Search for '<span class="text-color-default"><%= content.query %></span>'</h2>
<h2 class="page-header">Search for '<span class="text-color-default"><%- content.query %></span>'</h2>
<% if (content.nbHits > 0) { %>
<div class="row fontawesome-icon-list">
<%= results %>