Fix script injection by using _.template escaping

author robmadole <robmadole@gmail.com>

Mon, 21 Nov 2016 16:35:14 +0000 (10:35 -0600)

committer robmadole <robmadole@gmail.com>

Mon, 21 Nov 2016 16:35:14 +0000 (10:35 -0600)
author robmadole <robmadole@gmail.com>
Mon, 21 Nov 2016 16:35:14 +0000 (10:35 -0600)
committer robmadole <robmadole@gmail.com>
Mon, 21 Nov 2016 16:35:14 +0000 (10:35 -0600)
diff --git a/src/icons.html b/src/icons.html

index 00ad17e74db332b49fb9792df5e3928e92e2d120..85534b2dd50786fb52db411445eec17dfed2d5c9 100644 (file)
--- a/src/icons.html
+++ b/src/icons.html
@@ -57,7 +57,7 @@ relative_path: ../
      {% include icons/medical.html %}
    </div>
    <script type="text/template" id="results-template">
-    <h2 class="page-header">Search for '<span class="text-color-default"><%= content.query %></span>'</h2>
+    <h2 class="page-header">Search for '<span class="text-color-default"><%- content.query %></span>'</h2>
      <% if (content.nbHits > 0) { %>
        <div class="row fontawesome-icon-list">
          <%= results %>
author	robmadole <robmadole@gmail.com>
	Mon, 21 Nov 2016 16:35:14 +0000 (10:35 -0600)
committer	robmadole <robmadole@gmail.com>
	Mon, 21 Nov 2016 16:35:14 +0000 (10:35 -0600)