diff options
| author | Omar Roth <omarroth@protonmail.com> | 2019-06-15 20:42:42 -0500 |
|---|---|---|
| committer | Omar Roth <omarroth@protonmail.com> | 2019-06-15 20:42:42 -0500 |
| commit | fcf377d26b3e54c9b5f72d0a3c497d9504259f56 (patch) | |
| tree | 69222963ea1b4090127a1615573bfda55f445635 /src | |
| parent | 3be1c9261f12b44a8e84597bc59d1fe3d8504f87 (diff) | |
| download | invidious-fcf377d26b3e54c9b5f72d0a3c497d9504259f56.tar.gz invidious-fcf377d26b3e54c9b5f72d0a3c497d9504259f56.tar.bz2 invidious-fcf377d26b3e54c9b5f72d0a3c497d9504259f56.zip | |
Fix escaping for login page
Diffstat (limited to 'src')
| -rw-r--r-- | src/invidious/views/login.ecr | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/invidious/views/login.ecr b/src/invidious/views/login.ecr index 7fa25278..7e2c2e21 100644 --- a/src/invidious/views/login.ecr +++ b/src/invidious/views/login.ecr @@ -32,7 +32,7 @@ <% end %> <% if password %> - <input name="password" type="hidden" value="<%= password %>"> + <input name="password" type="hidden" value="<%= HTML.escape(password) %>"> <% else %> <label for="password"><%= translate(locale, "Password") %> :</label> <input required class="pure-input-1" name="password" type="password" placeholder="<%= translate(locale, "Password") %>"> @@ -95,7 +95,7 @@ <% end %> <% if password %> - <input name="password" type="hidden" value="<%= password %>"> + <input name="password" type="hidden" value="<%= HTML.escape(password) %>"> <% else %> <label for="password"><%= translate(locale, "Password") %> :</label> <input required class="pure-input-1" name="password" type="password" placeholder="<%= translate(locale, "Password") %>"> |