-rw-r--r--CHANGELOG.md2
-rw-r--r--templates/web/base/pagination.html2
2 files changed, 3 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f85991373..95514c3b5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,8 @@
## Releases
* Unreleased
+ - Security:
+ - Fix XSS vulnerability in pagination page number.
- Front end improvements:
- Improved 403 message, especially for private reports. #2511
- Mobile users can now filter the pins on the `/around` map view. #2366
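Review bot: the new Security entry ("Fix XSS vulnerability in pagination page number.") carries no issue or PR reference, whereas the neighbouring front end entries in the same hunk cite theirs (#2511, #2366). Add the reference for this fix, and consider naming the affected template (templates/web/base/pagination.html) in the entry so that someone triaging the changelog can find the changed output without reading the diff.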
diff --git a/templates/web/base/pagination.html b/templates/web/base/pagination.html
index 3b7bdc0b2..9efdc3d78 100644
--- a/templates/web/base/pagination.html
+++ b/templates/web/base/pagination.html
@@ -1,5 +1,5 @@
[% IF pager.total_entries > 1 %]
- <p class="pagination" data-page="[% pager.current_page %]">
+ <p class="pagination" data-page="[% pager.current_page | html %]">
[% IF pager.previous_page %]
<a class="prev" href="[% c.uri_with({ $param => pager.previous_page, ajax => undefined }) %][% '#' _ hash IF hash %]">[% loc('Previous') %]</a>
[% END %]
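Review bot: the `| html` filter is added only to the `data-page` attribute, but the same hunk still interpolates `[% c.uri_with({ $param => pager.previous_page, ajax => undefined }) %]` and `[% '#' _ hash IF hash %]` into the `href` of the `prev` link with no filter at all. Since the changelog says `pager.current_page` was reachable with attacker-controlled text, confirm that `hash` and the value behind `$param` cannot carry such text into that attribute, or apply the same `| html` filter there for consistency; an unescaped `"` in either would close the attribute exactly as it did in `data-page`. The `html` filter escapes `<`, `>`, `&` and `"`, which is sufficient for a double-quoted attribute as used here. Also check the rest of the template, beyond the five visible lines, for other `pager.` interpolations that were left unfiltered.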