| author | David T. Sadler <davidtsadler@googlemail.com> | 2021-11-01 21:24:31 +0000 |
|---|---|---|
| committer | David T. Sadler <davidtsadler@googlemail.com> | 2021-11-01 21:24:31 +0000 |
| commit | 558959d4d7dcceff000fd5861f2f46451ebbd8a9 (patch) | |
| tree | 550a4df1072333a4d3da5524d80d34689c6227a2 /src/templates/index.php | |
| parent | 647395dd6a9152ddb9d298daff21c6a3ada6d80b (diff) | |
Ensure html is escaped
Diffstat (limited to 'src/templates/index.php')
| -rw-r--r-- | src/templates/index.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/templates/index.php b/src/templates/index.php index d246605..4f76614 100644 --- a/src/templates/index.php +++ b/src/templates/index.php @@ -12,7 +12,7 @@ <a href="/create">Add</a> <ul> <?php foreach ($bookmarks as $bookmark) { ?> - <li><a href="<?php echo $bookmark->url; ?>"><?php echo $bookmark->title != '' ? $bookmark->title : $bookmark->url; ?></a> <a href="/edit?id=<?php echo $bookmark->id; ?>">Edit</a> | <a href="/delete/confirm?id=<?php echo $bookmark->id; ?>">Delete</a></li> + <li><a href="<?php echo htmlentities($bookmark->url); ?>"><?php echo $bookmark->title != '' ? htmlentities($bookmark->title) : htmlentities($bookmark->url); ?></a> <a href="/edit?id=<?php echo $bookmark->id; ?>">Edit</a> | <a href="/delete/confirm?id=<?php echo $bookmark->id; ?>">Delete</a></li> <?php } ?> </ul> </body> |
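Review bot: In the `href="<?php echo htmlentities($bookmark->url); ?>"` attribute on the added `<li>` line, htmlentities() keeps the value from breaking out of the attribute but does not constrain the URL scheme, so a stored bookmark whose URL uses a scheme such as `javascript:` is still rendered as a clickable link. Consider accepting only http and https URLs when a bookmark is saved, or checking the scheme before rendering. The two `$bookmark->id` echoes in the Edit and Delete links on the same line are still unescaped; if the id is not guaranteed to be an integer, cast it with `(int)` or escape it too. Passing explicit flags and charset, for example `htmlentities($bookmark->url, ENT_QUOTES, 'UTF-8')`, would also keep the escaping independent of the PHP version's defaults.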
