From e45d32d5a50857e8408917e2035c9abe1704fb23 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Sat, 17 Nov 2018 00:23:59 +0100
Subject: [PATCH 1/2] Fix lack of HTML encoding for stylesheet link

Previous to the fix, the home page had a line like (notice the wrongly encoded `&`):
```html
```
---
 src/App.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/App.php b/src/App.php
index 445101309..013c12b90 100644
--- a/src/App.php
+++ b/src/App.php
@@ -116,7 +116,7 @@ class App
 public function registerStylesheet($path)
 {
 $url = str_replace($this->getBasePath() . DIRECTORY_SEPARATOR, '', $path);
-
+ $url = htmlspecialchars($url, ENT_COMPAT, 'UTF-8');
 $this->stylesheets[] = trim($url, '/');
 }

From 4d092872a5c286b6b91fbfc1f74d611e847269c0 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Sat, 17 Nov 2018 14:01:07 +0100
Subject: [PATCH 2/2] Escaping moved to template

https://github.com/friendica/friendica/pull/6147#pullrequestreview-176051481
---
 src/App.php | 2 +-
 view/templates/head.tpl | 2 +-
 view/theme/frio/templates/head.tpl | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/App.php b/src/App.php
index 013c12b90..445101309 100644
--- a/src/App.php
+++ b/src/App.php
@@ -116,7 +116,7 @@ class App
 public function registerStylesheet($path)
 {
 $url = str_replace($this->getBasePath() . DIRECTORY_SEPARATOR, '', $path);
- $url = htmlspecialchars($url, ENT_COMPAT, 'UTF-8');
+
 $this->stylesheets[] = trim($url, '/');
 }
diff --git a/view/templates/head.tpl b/view/templates/head.tpl
index e76b97b8b..f1983d7dc 100644
--- a/view/templates/head.tpl
+++ b/view/templates/head.tpl
@@ -9,7 +9,7 @@
 {{foreach $stylesheets as $stylesheetUrl}}
-
+
 {{/foreach}}
diff --git a/view/theme/frio/templates/head.tpl b/view/theme/frio/templates/head.tpl
index d8f8b1d82..c8d30c0b5 100644
--- a/view/theme/frio/templates/head.tpl
+++ b/view/theme/frio/templates/head.tpl
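Review bot: In the [PATCH 2/2] hunk for `src/App.php`, `registerStylesheet()` goes back to storing the URL unencoded, and nothing at the function records that output encoding is now the templates' responsibility. I would add a comment above the `$this->stylesheets[] = trim($url, '/');` line, for example `// Stored raw: every template that prints $stylesheets must HTML-escape the value.`, so a later caller or theme author does not assume the list is already safe to place in an attribute. The function's docblock and the rest of the class lie outside the hunk, so an existing note there cannot be ruled out.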
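Review bot: Escaping now depends on each template, and this series patches only `view/templates/head.tpl` and `view/theme/frio/templates/head.tpl` (the `@@ -26,7 +26,7 @@` hunk), so any other theme that ships its own `head.tpl` with a `{{foreach $stylesheets as $stylesheetUrl}}` loop would still print the raw URL into the `href` attribute. The changed `<link>` lines are not readable on this page, so this is inferred from the commit message; it is worth searching the `view/theme` tree for other loops over `$stylesheets` and applying the same modifier there. A comment above the loop such as `{{* $stylesheetUrl is raw; escape it for the HTML attribute *}}` would keep the requirement visible to theme authors. Both templates continue outside their hunks.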
@@ -26,7 +26,7 @@
 {{foreach $stylesheets as $stylesheetUrl}}
-
+
 {{/foreach}}
 {{* own css files *}}