diff options
author | Bo-Yi Wu | 2017-02-19 22:20:16 +0800 |
---|---|---|
committer | Lunny Xiao | 2017-02-19 22:20:15 +0800 |
commit | 1a5df9e822da793af3385b16c51721c2ecf0dec2 (patch) | |
tree | 530dc86e6d3a385d135357cf5ed7940d75e8f510 | |
parent | 21dc5996a5275dc9afda64941e21d61ba6904c40 (diff) |
Security: fix XSS attack on alert (#981)
-rw-r--r-- | templates/base/alert.tmpl | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/templates/base/alert.tmpl b/templates/base/alert.tmpl index 8d05b882a..61b99486e 100644 --- a/templates/base/alert.tmpl +++ b/templates/base/alert.tmpl @@ -1,15 +1,15 @@ {{if .Flash.ErrorMsg}} <div class="ui negative message"> - <p>{{.Flash.ErrorMsg | Safe}}</p> + <p>{{.Flash.ErrorMsg | Str2html}}</p> </div> {{end}} {{if .Flash.SuccessMsg}} <div class="ui positive message"> - <p>{{.Flash.SuccessMsg | Safe}}</p> + <p>{{.Flash.SuccessMsg | Str2html}}</p> </div> {{end}} {{if .Flash.InfoMsg}} <div class="ui info message"> - <p>{{.Flash.InfoMsg | Safe}}</p> + <p>{{.Flash.InfoMsg | Str2html}}</p> </div> {{end}} |