Merge pull request #6288 from wallabag/2.5/xss-username-share-page

Fix XSS on username on share page
2024-06-09 08:49:27 +00:00 · 2023-02-07 21:43:04 +01:00 · 2023-02-07 21:43:04 +01:00 · 4e023bddc3
parent acd285dcbb bd4c71682e
commit 4e023bddc3
1 changed files with 1 additions and 1 deletions
--- a/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/share.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/common/Entry/share.html.twig
@ -28,7 +28,7 @@
        <header class="block">
            <h1>{{ entry.title|e|raw }}</h1>
            <a href="{{ entry.url|e }}" target="_blank" rel="noopener" title="{{ 'entry.view.original_article'|trans }} : {{ entry.title|e|raw }}" class="tool">{{ entry.domainName|removeWww }}</a>
-            <p class="shared-by">{{ "entry.public.shared_by_wallabag"|trans({'%wallabag_instance%': url('homepage'), '%username%': entry.user.username})|raw }}.</p>
+            <p class="shared-by">{{ "entry.public.shared_by_wallabag"|trans({'%wallabag_instance%': url('homepage'), '%username%': entry.user.username|escape})|raw }}.</p>
        </header>
        <article class="block">
            {{ entry.content | raw }}