From b8f70a27a52e6a2c8021485bfc1522eb5071c39f Mon Sep 17 00:00:00 2001 From: Lunny Xiao <xiaolunwen@gmail.com> Date: Sun, 19 Feb 2017 19:18:06 +0800 Subject: [PATCH] Security: fix XSS attack on alert (#973) --- templates/base/alert.tmpl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/base/alert.tmpl b/templates/base/alert.tmpl index 8d05b882a7..61b99486e2 100644 --- a/templates/base/alert.tmpl +++ b/templates/base/alert.tmpl @@ -1,15 +1,15 @@ {{if .Flash.ErrorMsg}} <div class="ui negative message"> - <p>{{.Flash.ErrorMsg | Safe}}</p> + <p>{{.Flash.ErrorMsg | Str2html}}</p> </div> {{end}} {{if .Flash.SuccessMsg}} <div class="ui positive message"> - <p>{{.Flash.SuccessMsg | Safe}}</p> + <p>{{.Flash.SuccessMsg | Str2html}}</p> </div> {{end}} {{if .Flash.InfoMsg}} <div class="ui info message"> - <p>{{.Flash.InfoMsg | Safe}}</p> + <p>{{.Flash.InfoMsg | Str2html}}</p> </div> {{end}}