author | Dave Gandy <dave@davegandy.com> | 2016-11-21 19:37:31 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-11-21 19:37:31 +0300 |
commit | 49100c7c3a7b58d50baa71efef11af41a66b03d3 (patch) | |
tree | bd1ce27e1c28bc4907164efd7aa37534bebaff3b | |
parent | 3fbc6846364ff92afe88d21124df7509ce3771b5 (diff) | |
parent | 75cdda9bf768914e72e1d72b720d8b44566d3f6f (diff) |
Merge pull request #10259 from FortAwesome/search-script-injection
Fix script injection by using _.template escaping
-rw-r--r-- | src/icons.html | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/icons.html b/src/icons.html
index 00ad17e74..85534b2dd 100644
--- a/src/icons.html
+++ b/src/icons.html
@@ -57,7 +57,7 @@ relative_path: ../
 {% include icons/medical.html %}
 </div>
 <script type="text/template" id="results-template">
- <h2 class="page-header">Search for '<span class="text-color-default"><%= content.query %></span>'</h2>
+ <h2 class="page-header">Search for '<span class="text-color-default"><%- content.query %></span>'</h2>
 <% if (content.nbHits > 0) { %>
 <div class="row fontawesome-icon-list">
 <%= results %> |
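Review bot: The `<%= results %>` line at the end of this hunk still uses Underscore's unescaped interpolation, so after this fix the template is only as safe as the code that builds `results`, which is not visible here. If `results` is assembled from per-hit templates, those should use `<%-` for every field that comes from the search index or the query, keeping raw `<%=` only for markup the page itself generated. I would mark the intentional raw output in place, e.g. `<% /* results: pre-rendered, already-escaped HTML */ %>` directly above it, so a later edit neither "fixes" it nor copies the pattern for untrusted values. The `results-template` script block continues past the end of the hunk, so any remaining `<%=` uses further down need the same check.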