Fix script injection by using _.template escapingorigin/search-script-injection

author: robmadole <robmadole@gmail.com> 2016-11-21 10:35:14 -0600
committer: robmadole <robmadole@gmail.com> 2016-11-21 10:35:14 -0600
commit: 75cdda9bf768914e72e1d72b720d8b44566d3f6f (patch)
tree: bd1ce27e1c28bc4907164efd7aa37534bebaff3b
parent: 3fbc6846364ff92afe88d21124df7509ce3771b5 (diff)
download: Font-Awesome-origin/search-script-injection.zip
Font-Awesome-origin/search-script-injection.tar.gz
Font-Awesome-origin/search-script-injection.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/icons.html b/src/icons.html
index 00ad17e..85534b2 100644
--- a/src/icons.html
+++ b/src/icons.html
@@ -57,7 +57,7 @@ relative_path: ../
     {% include icons/medical.html %}
   </div>
   <script type="text/template" id="results-template">
-    <h2 class="page-header">Search for '<span class="text-color-default"><%= content.query %></span>'</h2>
+    <h2 class="page-header">Search for '<span class="text-color-default"><%- content.query %></span>'</h2>
     <% if (content.nbHits > 0) { %>
       <div class="row fontawesome-icon-list">
         <%= results %>
author	robmadole <robmadole@gmail.com>	2016-11-21 10:35:14 -0600
committer	robmadole <robmadole@gmail.com>	2016-11-21 10:35:14 -0600
commit	75cdda9bf768914e72e1d72b720d8b44566d3f6f (patch)
tree	bd1ce27e1c28bc4907164efd7aa37534bebaff3b
parent	3fbc6846364ff92afe88d21124df7509ce3771b5 (diff)
download	Font-Awesome-origin/search-script-injection.zip Font-Awesome-origin/search-script-injection.tar.gz Font-Awesome-origin/search-script-injection.tar.bz2