aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorcel <cel@f/6sQ6d2CMxRUhLpspgGIulDxDCwYD7DzFzPNr7u5AU=.ed25519>2020-03-19 17:41:17 -0400
committercel <cel@f/6sQ6d2CMxRUhLpspgGIulDxDCwYD7DzFzPNr7u5AU=.ed25519>2020-03-19 17:43:55 -0400
commit637e98b75e71e3ba16f2de5c98e2dea8f6ef62a8 (patch)
tree61362ba587be7e17da3eb2e61888450f1a52d8c4
parent5855b689e591248e74b1af616a37a319e062f580 (diff)
downloadpatchfoo-637e98b75e71e3ba16f2de5c98e2dea8f6ef62a8.tar.gz
patchfoo-637e98b75e71e3ba16f2de5c98e2dea8f6ef62a8.zip
advsearch: html escape
-rw-r--r--lib/serve.js8
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/serve.js b/lib/serve.js
index 4089635..29a6350 100644
--- a/lib/serve.js
+++ b/lib/serve.js
@@ -702,25 +702,25 @@ Serve.prototype.advsearch = function (ext) {
ph('td', 'text'),
ph('td', ph('input', {name: 'text', placeholder: 'regex',
class: 'id-input',
- value: q.text || ''}))
+ value: u.escapeHTML(q.text)}))
]),
ph('tr', [
ph('td', 'author'),
ph('td', ph('input', {name: 'source', placeholder: '@id',
class: 'id-input',
- value: q.source || ''}))
+ value: q.escapeHTML(q.source)}))
]),
ph('tr', [
ph('td', 'mentions'),
ph('td', ph('input', {name: 'dest', placeholder: 'id',
class: 'id-input',
- value: q.dest || ''}))
+ value: u.escapeHTML(q.dest)}))
]),
ph('tr', [
ph('td', 'channel'),
ph('td', ['#', ph('input', {name: 'channel', placeholder: 'channel',
class: 'id-input',
- value: q.channel || ''})
+ value: u.escapeHTML(q.channel)})
])
]),
ph('tr', [