Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Don't directly inject $_GET parameters in html.
The Search module created a canonical tag containing a directly injected $_GET parameter. This commit makes sure we encode specialcharacters making XSS impossible. Fixes #1018
- Loading branch information