Explicitely escape user data in translations to avoid XSS

This commit is contained in:
Bat
2018-06-26 17:58:11 +02:00
parent a7b246b726
commit a8b47de28b
5 changed files with 8 additions and 8 deletions
+1 -1
View File
@@ -6,7 +6,7 @@
{% endblock title %}
{% block content %}
<h1>{{ "Welcome on {{ instance_name }}" | _(instance_name=instance.name) }}</h1>
<h1>{{ "Welcome on {{ instance_name | escape }}" | _(instance_name=instance.name) }}</h1>
<h2>{{ "Latest articles" | _ }}</h2>
<div class="cards">