summaryrefslogtreecommitdiff
path: root/views/partials/syndication-js.php
diff options
context:
space:
mode:
authorAaron Parecki <aaron@parecki.com>2016-05-06 07:59:16 +0200
committerAaron Parecki <aaron@parecki.com>2016-05-06 07:59:16 +0200
commitc1101c687da661e4489cde2a663a93f094cf2546 (patch)
tree5a3d4687ba261c67a5483955f88818a4f9500065 /views/partials/syndication-js.php
parent1743621c4896b65cd9bd81a07341b48a7619bcf8 (diff)
escape html in syndication targets
Diffstat (limited to 'views/partials/syndication-js.php')
-rw-r--r--views/partials/syndication-js.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/views/partials/syndication-js.php b/views/partials/syndication-js.php
index 088cb43..6267327 100644
--- a/views/partials/syndication-js.php
+++ b/views/partials/syndication-js.php
@@ -7,7 +7,7 @@ function reload_syndications() {
var target = data.targets[i].target;
var uid = data.targets[i].uid;
var favicon = data.targets[i].favicon;
- $("#syndication-container ul").append('<li><button data-syndicate-to="'+(uid ? uid : target)+'" class="btn btn-default btn-block">'+(favicon ? '<img src="'+favicon+'" width="16" height="16"> ':'')+target+'</button></li>');
+ $("#syndication-container ul").append('<li><button data-syndicate-to="'+htmlspecialchars(uid ? uid : target)+'" class="btn btn-default btn-block">'+(favicon ? '<img src="'+htmlspecialchars(favicon)+'" width="16" height="16"> ':'')+htmlspecialchars(target)+'</button></li>');
}
bind_syndication_buttons();
} else {