From 1ea0c87de729e0dcd53eb6fe3bc86ba739121d8e Mon Sep 17 00:00:00 2001
From: Mark Story
Date: Sat, 19 May 2018 22:09:46 -0400
Subject: [PATCH] Add missing HTML encoding to templates. These templates were missing encoding and we were notified by Nancer via the responsible disclosure process.
---
src/Template/Error/duplicate_named_route.ctp | 8 ++++----
src/Template/Error/missing_route.ctp | 10 +++++-----
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/Template/Error/duplicate_named_route.ctp b/src/Template/Error/duplicate_named_route.ctp
index 236fdb13fc8..d88d5f82864 100644
--- a/src/Template/Error/duplicate_named_route.ctp
+++ b/src/Template/Error/duplicate_named_route.ctp
@@ -25,7 +25,7 @@ $attributes = $error->getAttributes(); $this->start('subheading'); ?> Error:
- = $error->getMessage(); ?>
+ = h($error->getMessage()); ?>
 end() ?> start('file') ?>
@@ -50,9 +50,9 @@ Remove duplicate route names in your route configuration.
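Review bot: The newly encoded `h($error->getMessage())` line in the `subheading` block has no regression test behind it; the diffstat lists only the two templates, so a later edit that drops the `h()` call would go unnoticed. A rendering test that raises this error with a message containing markup (a constructed value such as `<b>x</b>`) and asserts that the output holds the entity-encoded form and not the raw tag would pin the fix. The same check applies to the `h(Debugger::exportVar($attributes['context']))` output changed further down. Any sibling error templates that echo the exception message or `exportVar()` output are not visible here and are worth checking for the same gap. The `subheading` block begins above this hunk.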
echo 'The passed context was:
-= Debugger::exportVar($attributes['context']); ?>
+= h(Debugger::exportVar($attributes['context'])); ?>
@@ -48,9 +48,9 @@ foreach (Router::routes() as $route): echo '