authorAaron Parecki <aaron@parecki.com>2016-05-06 07:59:16 +0200
committerAaron Parecki <aaron@parecki.com>2016-05-06 07:59:16 +0200
commitc1101c687da661e4489cde2a663a93f094cf2546 (patch)
tree5a3d4687ba261c67a5483955f88818a4f9500065 /views/new-post.php
parent1743621c4896b65cd9bd81a07341b48a7619bcf8 (diff)
escape html in syndication targets
Diffstat (limited to 'views/new-post.php')
-rw-r--r--views/new-post.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/views/new-post.php b/views/new-post.php
index 7c4d3cf..da3927d 100644
--- a/views/new-post.php
+++ b/views/new-post.php
@@ -44,9 +44,9 @@
echo '<ul>';
foreach($this->syndication_targets as $syn) {
echo '<li>'
- . '<button data-syndicate-to="'.(isset($syn['uid']) ? $syn['uid'] : $syn['target']).'" class="btn btn-default btn-block">'
- . ($syn['favicon'] ? '<img src="'.$syn['favicon'].'" width="16" height="16"> ' : '')
- . $syn['target']
+ . '<button data-syndicate-to="'.(isset($syn['uid']) ? htmlspecialchars($syn['uid']) : htmlspecialchars($syn['target'])).'" class="btn btn-default btn-block">'
+ . ($syn['favicon'] ? '<img src="'.htmlspecialchars($syn['favicon']).'" width="16" height="16"> ' : '')
+ . htmlspecialchars($syn['target'])
. '</button>'
. '</li>';
}
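Review bot: The three added `htmlspecialchars()` calls rely on the default flags and charset. Before PHP 8.1 the defaults leave single quotes unescaped and return an empty string for input that is not valid UTF-8, which would produce an empty `data-syndicate-to` and an empty button label. Passing the arguments explicitly, e.g. `htmlspecialchars($syn['target'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, keeps the output safe regardless of PHP version or attribute quote style; a small helper would avoid repeating it on all three lines. Escaping also does not constrain the URL scheme of `$syn['favicon']`, so if the targets come from a remote endpoint (not visible in this hunk) it is worth accepting only `http`/`https` values before emitting the `<img>`. Finally, `$syn['favicon']` is read without an `isset()` check, unlike `uid`, e.g. `!empty($syn['favicon']) ? ... : ''`.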