From 555c018ff0f2b9a53582b9e7aa89516ec730b144 Mon Sep 17 00:00:00 2001
From: aklerza <60571063+aklerza@users.noreply.github.com>
Date: Sat, 12 Oct 2024 13:34:58 +0400
Subject: [PATCH] Fix XSS vulnerability.
---
bibtexbrowser.php | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bibtexbrowser.php b/bibtexbrowser.php
index 9dfb363..3c611b8 100755
--- a/bibtexbrowser.php
+++ b/bibtexbrowser.php
@@ -296,7 +296,8 @@ function default_message() { You may browse:
'.$bibfile.'
'; + $url="?bib=".urlencode($bibfile); + echo ''.htmlspecialchars($bibfile, ENT_QUOTES, 'UTF-8').'
'; } echo ""; }
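Review bot: The added `htmlspecialchars($bibfile, ENT_QUOTES, 'UTF-8')` call returns an empty string when the file name is not valid UTF-8, because neither `ENT_SUBSTITUTE` nor `ENT_IGNORE` is set, so such a file would be listed with an empty link label; `htmlspecialchars($bibfile, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` keeps the entry visible and still escapes it. The value built by `"?bib=".urlencode($bibfile)` contains no HTML-special characters, so it should be safe if it is placed in a quoted href, but the markup inside the echo string is not visible in this rendering, so whether `$url` is additionally escaped cannot be confirmed from here. A one-line comment such as `// URL-encode for the query string, HTML-escape for the link text` would record why two different encoders are applied to the same value. default_message() starts above the hunk, so where `$bibfile` comes from is not shown.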