Fix XSS in openid selector. Thanks, Raghav Bisht.

author: Joey Hess <joeyh@joeyh.name> 2015-03-27 12:17:39 -0400
committer: Joey Hess <joeyh@joeyh.name> 2015-03-27 12:17:39 -0400
commit: 18dfba868fe2fb9c64706b2123eb0b3a3ce66a77 (patch)
tree: 26f01bd943fe829d73f569c1bdc19ffef1026049 /templates
parent: 2940fe5334fa8cf14880eef41cd6dc9b762ac1cc (diff)
download: ikiwiki-18dfba868fe2fb9c64706b2123eb0b3a3ce66a77.tar
ikiwiki-18dfba868fe2fb9c64706b2123eb0b3a3ce66a77.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/templates/openid-selector.tmpl b/templates/openid-selector.tmpl
index b6be2720c..0fd833042 100644
--- a/templates/openid-selector.tmpl
+++ b/templates/openid-selector.tmpl
@@ -23,7 +23,7 @@ $(document).ready(function() {
 		</div>
 		<div id="openid_input_area">
 			<label for="openid_identifier" class="block">Enter your OpenID:</label>
-			<input id="openid_identifier" name="openid_identifier" type="text" value="<TMPL_VAR OPENID_URL>"/>
+			<input id="openid_identifier" name="openid_identifier" type="text" value="<TMPL_VAR ESCAPE=HTML OPENID_URL>"/>
 			<input id="openid_submit" type="submit" value="Login"/>
 		</div>
 		<TMPL_IF OPENID_ERROR>
author	Joey Hess <joeyh@joeyh.name>	2015-03-27 12:17:39 -0400
committer	Joey Hess <joeyh@joeyh.name>	2015-03-27 12:17:39 -0400
commit	18dfba868fe2fb9c64706b2123eb0b3a3ce66a77 (patch)
tree	26f01bd943fe829d73f569c1bdc19ffef1026049 /templates
parent	2940fe5334fa8cf14880eef41cd6dc9b762ac1cc (diff)
download	ikiwiki-18dfba868fe2fb9c64706b2123eb0b3a3ce66a77.tar ikiwiki-18dfba868fe2fb9c64706b2123eb0b3a3ce66a77.tar.gz