Update index.js, fix outgoing XSS

Fix XSS on /outgoing route
10 years ago · e24bd2c0e3
parent cead53ec86
commit e24bd2c0e3
1 changed files with 1 additions and 1 deletions
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@ -181,7 +181,7 @@ Controllers.robots = function (req, res) {
 Controllers.outgoing = function(req, res, next) {
 	var url = req.query.url,
 		data = {
-			url: url,
+			url: validator.escape(url),
 			title: meta.config.title,
 			breadcrumbs: helpers.buildBreadcrumbs([{text: '[[notifications:outgoing_link]]'}])
 		};