mirror of
https://github.com/FortAwesome/Font-Awesome.git
synced 2024-12-26 21:41:29 +08:00
Merge pull request #10259 from FortAwesome/search-script-injection
Fix script injection by using _.template escaping
This commit is contained in:
commit
49100c7c3a
@ -57,7 +57,7 @@ relative_path: ../
|
||||
{% include icons/medical.html %}
|
||||
</div>
|
||||
<script type="text/template" id="results-template">
|
||||
<h2 class="page-header">Search for '<span class="text-color-default"><%= content.query %></span>'</h2>
|
||||
<h2 class="page-header">Search for '<span class="text-color-default"><%- content.query %></span>'</h2>
|
||||
<% if (content.nbHits > 0) { %>
|
||||
<div class="row fontawesome-icon-list">
|
||||
<%= results %>
|
||||
|
Loading…
Reference in New Issue
Block a user