Browse Source

Security: fix XSS attack on alert (#973)

Lunny Xiao 3 years ago
parent
commit
b8f70a27a5
1 changed files with 3 additions and 3 deletions
  1. 3 3
      templates/base/alert.tmpl

+ 3 - 3
templates/base/alert.tmpl

@@ -1,15 +1,15 @@
1 1
 {{if .Flash.ErrorMsg}}
2 2
 	<div class="ui negative message">
3
-		<p>{{.Flash.ErrorMsg | Safe}}</p>
3
+		<p>{{.Flash.ErrorMsg | Str2html}}</p>
4 4
 	</div>
5 5
 {{end}}
6 6
 {{if .Flash.SuccessMsg}}
7 7
 	<div class="ui positive message">
8
-		<p>{{.Flash.SuccessMsg | Safe}}</p>
8
+		<p>{{.Flash.SuccessMsg | Str2html}}</p>
9 9
 	</div>
10 10
 {{end}}
11 11
 {{if .Flash.InfoMsg}}
12 12
 	<div class="ui info message">
13
-		<p>{{.Flash.InfoMsg | Safe}}</p>
13
+		<p>{{.Flash.InfoMsg | Str2html}}</p>
14 14
 	</div>
15 15
 {{end}}