diff options
author | cel <cel@f/6sQ6d2CMxRUhLpspgGIulDxDCwYD7DzFzPNr7u5AU=.ed25519> | 2020-03-19 17:41:17 -0400 |
---|---|---|
committer | cel <cel@f/6sQ6d2CMxRUhLpspgGIulDxDCwYD7DzFzPNr7u5AU=.ed25519> | 2020-03-19 17:43:55 -0400 |
commit | 637e98b75e71e3ba16f2de5c98e2dea8f6ef62a8 (patch) | |
tree | 61362ba587be7e17da3eb2e61888450f1a52d8c4 | |
parent | 5855b689e591248e74b1af616a37a319e062f580 (diff) | |
download | patchfoo-637e98b75e71e3ba16f2de5c98e2dea8f6ef62a8.tar.gz patchfoo-637e98b75e71e3ba16f2de5c98e2dea8f6ef62a8.zip |
advsearch: html escape
-rw-r--r-- | lib/serve.js | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/serve.js b/lib/serve.js index 4089635..29a6350 100644 --- a/lib/serve.js +++ b/lib/serve.js @@ -702,25 +702,25 @@ Serve.prototype.advsearch = function (ext) { ph('td', 'text'), ph('td', ph('input', {name: 'text', placeholder: 'regex', class: 'id-input', - value: q.text || ''})) + value: u.escapeHTML(q.text)})) ]), ph('tr', [ ph('td', 'author'), ph('td', ph('input', {name: 'source', placeholder: '@id', class: 'id-input', - value: q.source || ''})) + value: q.escapeHTML(q.source)})) ]), ph('tr', [ ph('td', 'mentions'), ph('td', ph('input', {name: 'dest', placeholder: 'id', class: 'id-input', - value: q.dest || ''})) + value: u.escapeHTML(q.dest)})) ]), ph('tr', [ ph('td', 'channel'), ph('td', ['#', ph('input', {name: 'channel', placeholder: 'channel', class: 'id-input', - value: q.channel || ''}) + value: u.escapeHTML(q.channel)}) ]) ]), ph('tr', [ |