diff options
author | Peter De Wachter <pdewacht@gmail.com> | 2019-08-14 09:33:54 +0200 |
---|---|---|
committer | Frédéric Guillot <fred@miniflux.net> | 2019-08-15 21:39:41 -0700 |
commit | ea2b6e3608624a2a14af1956a3ad0035b7fb09f0 (patch) | |
tree | 693bda6a0522c069ec6cff94db9c9a9eabc82d42 /template | |
parent | 3a39d110f0f2a3e976df1e810a861c602a634d14 (diff) |
addImageTitle: Fix HTML injection
This rewrite rule would change this:
<img title="<foo>">
to this:
<figure><img><figcaption><foo></figcaption></figure>
The image title needs to be properly escaped.
Diffstat (limited to 'template')
0 files changed, 0 insertions, 0 deletions