Merge: contrib/opportunité: prevent useless xss exploit in meetup confirmation

author Jean Privat <jean@pryen.org>

Mon, 29 Jun 2015 12:21:02 +0000 (08:21 -0400)

committer Jean Privat <jean@pryen.org>

Mon, 29 Jun 2015 12:21:02 +0000 (08:21 -0400)
author Jean Privat <jean@pryen.org>
Mon, 29 Jun 2015 12:21:02 +0000 (08:21 -0400)
committer Jean Privat <jean@pryen.org>
Mon, 29 Jun 2015 12:21:02 +0000 (08:21 -0400)
diff --git a/contrib/opportunity/src/templates/meetup_confirmation.nit b/contrib/opportunity/src/templates/meetup_confirmation.nit

index 648f4da..0194d76 100644 (file)
--- a/contrib/opportunity/src/templates/meetup_confirmation.nit
+++ b/contrib/opportunity/src/templates/meetup_confirmation.nit
@@ -31,7 +31,7 @@ class MeetupConfirmation
                 </div>
                 <div class="container">
                         <div class="alert alert-success text-center" role="alert">
-                       {{{"Invite participants by sharing this link:"}}} <a href="./?meetup_id={{{meetup.id}}}">{{{meetup.name}}}</a>
+                       {{{"Invite participants by sharing this link:"}}} <a href="./?meetup_id={{{meetup.id}}}">{{{meetup.name.html_escape}}}</a>
                         </div>
                         <p class="text-center">
                         {{{"See you soon for more Opportunities!"}}}
author	Jean Privat <jean@pryen.org>
	Mon, 29 Jun 2015 12:21:02 +0000 (08:21 -0400)
committer	Jean Privat <jean@pryen.org>
	Mon, 29 Jun 2015 12:21:02 +0000 (08:21 -0400)