]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - templates/openid-selector.tmpl
projects / git.ikiwiki.info.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix XSS in openid selector. Thanks, Raghav Bisht.
[git.ikiwiki.info.git] / templates / openid-selector.tmpl
diff --git a/templates/openid-selector.tmpl b/templates/openid-selector.tmpl
index b6be2720c99e4593d8fede439675916817b37aa5..0fd833042db4d0e692873bfe4b8c5a9bf974a06d 100644 (file)
--- a/templates/openid-selector.tmpl
+++ b/templates/openid-selector.tmpl
@@ -23,7 +23,7 @@ $(document).ready(function() {
                </div>
                <div id="openid_input_area">
                        <label for="openid_identifier" class="block">Enter your OpenID:</label>
-                       <input id="openid_identifier" name="openid_identifier" type="text" value="<TMPL_VAR OPENID_URL>"/>
+                       <input id="openid_identifier" name="openid_identifier" type="text" value="<TMPL_VAR ESCAPE=HTML OPENID_URL>"/>
                        <input id="openid_submit" type="submit" value="Login"/>
                </div>
                <TMPL_IF OPENID_ERROR>
Unnamed repository; edit this file 'description' to name the repository.