aboutsummaryrefslogtreecommitdiff
path: root/templates
diff options
context:
space:
mode:
authorJoey Hess <joeyh@joeyh.name>2015-03-27 12:17:39 -0400
committerJoey Hess <joeyh@joeyh.name>2015-03-27 12:17:39 -0400
commit18dfba868fe2fb9c64706b2123eb0b3a3ce66a77 (patch)
tree26f01bd943fe829d73f569c1bdc19ffef1026049 /templates
parent2940fe5334fa8cf14880eef41cd6dc9b762ac1cc (diff)
downloadikiwiki-18dfba868fe2fb9c64706b2123eb0b3a3ce66a77.tar
ikiwiki-18dfba868fe2fb9c64706b2123eb0b3a3ce66a77.tar.gz
Fix XSS in openid selector. Thanks, Raghav Bisht.
Diffstat (limited to 'templates')
-rw-r--r--templates/openid-selector.tmpl2
1 files changed, 1 insertions, 1 deletions
diff --git a/templates/openid-selector.tmpl b/templates/openid-selector.tmpl
index b6be2720c..0fd833042 100644
--- a/templates/openid-selector.tmpl
+++ b/templates/openid-selector.tmpl
@@ -23,7 +23,7 @@ $(document).ready(function() {
</div>
<div id="openid_input_area">
<label for="openid_identifier" class="block">Enter your OpenID:</label>
- <input id="openid_identifier" name="openid_identifier" type="text" value="<TMPL_VAR OPENID_URL>"/>
+ <input id="openid_identifier" name="openid_identifier" type="text" value="<TMPL_VAR ESCAPE=HTML OPENID_URL>"/>
<input id="openid_submit" type="submit" value="Login"/>
</div>
<TMPL_IF OPENID_ERROR>