From: robmadole <robmadole@gmail.com>
Date: Mon, 21 Nov 2016 16:35:14 +0000 (-0600)
Subject: Fix script injection by using _.template escaping
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F10259%2Fhead;p=thirdparty%2FFont-Awesome.git

Fix script injection by using _.template escaping
---

diff --git a/src/icons.html b/src/icons.html
index 00ad17e74d..85534b2dd5 100644
--- a/src/icons.html
+++ b/src/icons.html
@@ -57,7 +57,7 @@ relative_path: ../
     {% include icons/medical.html %}
   </div>
   <script type="text/template" id="results-template">
-    <h2 class="page-header">Search for '<span class="text-color-default"><%= content.query %></span>'</h2>
+    <h2 class="page-header">Search for '<span class="text-color-default"><%- content.query %></span>'</h2>
     <% if (content.nbHits > 0) { %>
       <div class="row fontawesome-icon-list">
         <%= results %>