github
/
halo
mirror of https://github.com/halo-dev/halo
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: content Search page XSS injection problem (#1534)

pull/1537/head
guqing 2021-11-16 21:42:46 +08:00 committed by GitHub
parent 641e03e401
commit e1737145ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/run/halo/app/controller/content/ContentSearchController.java
View File

@ -74,7 +74,7 @@ public class ContentSearchController {
final Page<PostListVO> posts = postService.convertToListVo(postPage);
model.addAttribute("is_search", true);
model.addAttribute("keyword", keyword);
model.addAttribute("keyword", HtmlUtils.htmlEscape(keyword));
model.addAttribute("posts", posts);
model.addAttribute("meta_keywords", optionService.getSeoKeywords());
model.addAttribute("meta_description", optionService.getSeoDescription());