Commit

Fix script injection by using _.template escaping
robmadole committed Nov 21, 2016
1 parent 3fbc684 commit 75cdda9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/icons.html
Expand Up @@ -57,7 +57,7 @@
{% include icons/medical.html %}
</div>
<script type="text/template" id="results-template">
<h2 class="page-header">Search for '<span class="text-color-default"><%= content.query %></span>'</h2>
<h2 class="page-header">Search for '<span class="text-color-default"><%- content.query %></span>'</h2>
<% if (content.nbHits > 0) { %>
<div class="row fontawesome-icon-list">
<%= results %>
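Review bot: `<%= results %>` in the trailing context of this hunk is still interpolated raw, while the header line now uses the escaping form `<%- content.query %>`. If `results` is meant to be pre-rendered HTML, please confirm that the code building that string escapes any value derived from the query or from search hits, and leave a short template comment saying the raw interpolation is deliberate. A regression test that renders `results-template` with a query containing markup and checks the output is escaped would keep the `<%-` form from being reverted by accident.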
