Merge pull request #3371 from mikicaivosevic/patch-1

Update index.js, fix outgoing XSS
10 years ago · 924692404d
parent cead53ec86 e24bd2c0e3
commit 924692404d
1 changed files with 1 additions and 1 deletions
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@ -181,7 +181,7 @@ Controllers.robots = function (req, res) {
 Controllers.outgoing = function(req, res, next) {
 	var url = req.query.url,
 		data = {
-			url: url,
+			url: validator.escape(url),
 			title: meta.config.title,
 			breadcrumbs: helpers.buildBreadcrumbs([{text: '[[notifications:outgoing_link]]'}])
 		};