mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2025-05-27 21:44:21 -04:00
Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue]
This commit is contained in:
parent
b43e63dd21
commit
9d4ede4cff
8 changed files with 15 additions and 24 deletions
|
@ -6,12 +6,12 @@
|
|||
<meta name="apple-mobile-web-app-status-bar-style" content="black">
|
||||
<meta name="mobile-web-app-capable" content="yes">
|
||||
<% if(typeof robots !== 'undefined' && robots) { %>
|
||||
<meta name="robots" content="<%- robots %>">
|
||||
<meta name="robots" content="<%= robots %>">
|
||||
<% } %>
|
||||
<% if(typeof description !== 'undefined' && description) { %>
|
||||
<meta name="description" content="<%- description %>">
|
||||
<meta name="description" content="<%= description %>">
|
||||
<% } %>
|
||||
<title><%- title %></title>
|
||||
<title><%= title %></title>
|
||||
<link rel="icon" type="image/png" href="<%- url %>/favicon.png">
|
||||
<link rel="apple-touch-icon" href="<%- url %>/apple-touch-icon.png">
|
||||
<% if(useCDN) { %>
|
||||
|
@ -55,10 +55,10 @@
|
|||
<body>
|
||||
<div class="container">
|
||||
<div class="reveal">
|
||||
<div class="slides" style="display: none;"><%- body %></div>
|
||||
<div class="slides" style="display: none;"><%= body %></div>
|
||||
</div>
|
||||
|
||||
<div id="meta" style="display: none;"><%- meta %></div>
|
||||
<div id="meta" style="display: none;"><%= meta %></div>
|
||||
|
||||
<div class="footer">
|
||||
<div class="unselectable hidden-print" style="color: #777;">
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue