From 9d4ede4cffae47b9fd81ffbd0f2edff47c29e224 Mon Sep 17 00:00:00 2001
From: Wu Cheng-Han
Date: Sat, 26 Nov 2016 22:55:31 +0800
Subject: Fix possible XSS in yaml-metadata and turn using ejs escape syntax
 than external lib [Security Issue]

---
 public/views/ga.ejs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'public/views/ga.ejs')

diff --git a/public/views/ga.ejs b/public/views/ga.ejs
index 180832d1..66d4acd9 100644
--- a/public/views/ga.ejs
+++ b/public/views/ga.ejs
@@ -12,7 +12,7 @@
     m.parentNode.insertBefore(a, m)
 })(window, document, 'script', '//www.google-analytics.com/analytics.js', 'ga');
 
-ga('create', '<%- GA %>', 'auto');
+ga('create', '<%= GA %>', 'auto');
 ga('send', 'pageview');
 </script>
 <% } %>
\ No newline at end of file
-- 
cgit v1.2.3