Explicitely escape user data in translations to avoid XSS

This commit is contained in:
Bat
2018-06-26 17:58:11 +02:00
parent a7b246b726
commit a8b47de28b
5 changed files with 8 additions and 8 deletions
+1 -1
View File
@@ -7,7 +7,7 @@
{% set name = user.username %}
{% endif %}
{{ "{{ name }}'s followers" | _(name=name) }}
{{ "{{ name | escape }}'s followers" | _(name=name) }}
{% endblock title %}
{% block content %}