escape user input to fix XSS "vulnerability" (#195)

ytti · Jul 1, 2019 · 55ab9bd · 55ab9bd
1 parent 5add416
commit 55ab9bd
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/lib/oxidized/web/views/conf_search.haml b/lib/oxidized/web/views/conf_search.haml
@@ -3,7 +3,8 @@
     %h4
       %a{href: url_for('/nodes')} nodes
       \/ Nodes that contain 
-      %span "#{@to_research}"
+      %span
+        &= "#{@to_research}"
 
 .row
   .pull-right