diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-01-07 11:32:12 +0200 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-01-07 11:32:12 +0200 |
| commit | 676a9a7e287655342ac0683dedce0c69a984465e (patch) | |
| tree | 60b6fd53de1d30c11af43d713a1a1e323ae8ba70 /app/views/search/show.html.haml | |
| parent | 1665a06fddf7c51fcf80da74590c613f5c785f47 (diff) | |
| download | gitlab-ce-676a9a7e287655342ac0683dedce0c69a984465e.tar.gz | |
Fix xss vulnerability
Diffstat (limited to 'app/views/search/show.html.haml')
| -rw-r--r-- | app/views/search/show.html.haml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/search/show.html.haml b/app/views/search/show.html.haml index 8448193deb9..ddcef442490 100644 --- a/app/views/search/show.html.haml +++ b/app/views/search/show.html.haml @@ -88,5 +88,5 @@ %h4.nothing_here_message No wiki pages :javascript $(function() { - $(".search_results .term").highlight("#{params[:search]}"); + $(".search_results .term").highlight("#{escape_javascript(params[:search])}"); }) |