Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue]

author: Wu Cheng-Han 2016-11-26 22:55:31 +0800
committer: Wu Cheng-Han 2016-11-26 22:55:31 +0800
commit: 9d4ede4cffae47b9fd81ffbd0f2edff47c29e224 (patch)
tree: 93f56b484e527a0e8b0a95c768925876e70d8f1f /public/views/disqus.ejs
parent: b43e63dd21584c75ab7e0be6fe6331857f09c026 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/public/views/disqus.ejs b/public/views/disqus.ejs
index ed991a41..cceaa85c 100644
--- a/public/views/disqus.ejs
+++ b/public/views/disqus.ejs
@@ -5,7 +5,7 @@ var disqus_config = function () {
 };
 (function() {
     var d = document, s = d.createElement('script');
-    s.src = '//<%- disqus %>.disqus.com/embed.js';
+    s.src = '//<%= disqus %>.disqus.com/embed.js';
     s.setAttribute('data-timestamp', +new Date());
     (d.head || d.body).appendChild(s);
 })();
author	Wu Cheng-Han	2016-11-26 22:55:31 +0800
committer	Wu Cheng-Han	2016-11-26 22:55:31 +0800
commit	9d4ede4cffae47b9fd81ffbd0f2edff47c29e224 (patch)
tree	93f56b484e527a0e8b0a95c768925876e70d8f1f /public/views/disqus.ejs
parent	b43e63dd21584c75ab7e0be6fe6331857f09c026 (diff)