
Escape category images to avoid backend XSS

Hanno
2019-09-17 19:40:34 +02:00
committed by onli
parent 464c1319ad
commit fa8e77c130
9 changed files with 9 additions and 9 deletions
templates
2k11
bootstrap4
bulletproof
clean-blog
competition
contest
default
skeleton
timeline

@ -19,7 +19,7 @@
<span class="serendipity_entryIcon">
{foreach from=$entry.categories item="entry_category"}
{if $entry_category.category_icon}
<a href="{$entry_category.category_link}"><img class="serendipity_entryIcon" title="{$entry_category.category_name|@escape}{$entry_category.category_description|@emptyPrefix}" alt="{$entry_category.category_name|@escape}" src="{$entry_category.category_icon}" /></a>
<a href="{$entry_category.category_link}"><img class="serendipity_entryIcon" title="{$entry_category.category_name|@escape}{$entry_category.category_description|@emptyPrefix}" alt="{$entry_category.category_name|@escape}" src="{$entry_category.category_icon|escape}" /></a>
{/if}
{/foreach}
</span>
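Review bot: On the changed `<img>` line, `href="{$entry_category.category_link}"` is still emitted without an escape modifier, so the fix covers only `src`. If the link can ever contain editor-supplied text (not visible from this hunk), it should get the same treatment, `href="{$entry_category.category_link|escape}"`. The same applies to `category_description` in the `title` attribute unless `emptyPrefix` already escapes its input, which is worth confirming. HTML-escaping stops the value from breaking out of the attribute but does not restrict what URL is stored, so validating the icon URL when the category is saved would be a useful second layer. As a style point, the new modifier is written `|escape` while the rest of the line uses `|@escape`; using one form would keep the template consistent.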