diff options
author | David Mehren | 2021-05-11 21:13:25 +0200 |
---|---|---|
committer | GitHub | 2021-05-11 21:13:25 +0200 |
commit | 01dad5821ee28377ebe640c6c72c3e0bb0d51ea7 (patch) | |
tree | e1dc63aba3546b3bbc402c2e911626d0ade56b46 /public/views | |
parent | 4cc9b3abe5f4ee55764fbdb6602f8133e4d73e53 (diff) | |
parent | f552b14e11761a73237b3b3834827dde151b8b28 (diff) |
Merge pull request from GHSA-gjg7-4j2h-94fq
Fix XSS in Open Graph & User metadata
Diffstat (limited to '')
-rw-r--r-- | public/views/hedgedoc/head.ejs | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/public/views/hedgedoc/head.ejs b/public/views/hedgedoc/head.ejs index 44668795..419d5dcc 100644 --- a/public/views/hedgedoc/head.ejs +++ b/public/views/hedgedoc/head.ejs @@ -7,7 +7,7 @@ <%- include('../includes/favicon') %> <% for (var og in opengraph) { %> <% if (opengraph.hasOwnProperty(og) && opengraph[og].trim() !== '') { %> -<meta property="og:<%- og %>" content="<%- opengraph[og] %>"> +<meta property="og:<%= og %>" content="<%= opengraph[og] %>"> <% }} if (!opengraph.hasOwnProperty('image')) { %> <meta property="og:image" content="<%- serverURL %>/icons/android-chrome-512x512.png"> <meta property="og:image:alt" content="HedgeDoc logo"> |