author | Vitaly Takmazov | 2016-08-28 18:38:15 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2016-08-28 18:38:15 +0300 |
commit | 14f111c2e3f20f563dfbe17181f77bfaa9cd57ef (patch) | |
tree | 6ed744340e137f1112642182e41cbcb8ed030afe /juick-www/src/main/java/com/juick/www/Home.java | |
parent | 7092b70a8a92fc1fdfaa8a2c54ec7a2037f8790c (diff) |
Tags: should be escaped in db and unescaped in templates
Diffstat (limited to 'juick-www/src/main/java/com/juick/www/Home.java')
-rw-r--r-- | juick-www/src/main/java/com/juick/www/Home.java | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/juick-www/src/main/java/com/juick/www/Home.java b/juick-www/src/main/java/com/juick/www/Home.java
index e11ed6f4..462c47bb 100644
--- a/juick-www/src/main/java/com/juick/www/Home.java
+++ b/juick-www/src/main/java/com/juick/www/Home.java
@@ -19,6 +19,7 @@ package com.juick.www;
 import com.juick.server.AdsQueries;
 import com.juick.server.MessagesQueries;
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.springframework.jdbc.core.JdbcTemplate;
 import javax.servlet.ServletException;
@@ -55,7 +56,7 @@ public class Home {
 String paramShow = request.getParameter("show");
 if (paramSearch != null) {
- title = "Поиск: " + Utils.encodeHTML(paramSearch);
+ title = "Поиск: " + StringEscapeUtils.escapeHtml4(paramSearch);
 mids = MessagesQueries.getSearch(sql, sqlSearch, Utils.encodeSphinx(paramSearch), paramBefore);
 } else if (paramShow == null) {
 if (visitor.getUID() > 0) { |
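Review bot: `StringEscapeUtils.escapeHtml4` does not escape the single quote, so the new `title` assignment in the second hunk is only safe where the value is emitted as element text or inside a double-quoted attribute; if the template ever places `title` in a single-quoted attribute, a `<script>` block or a URL, the apostrophe survives unescaped. It is worth confirming how the template renders `title` and, if the output context is anything other than element text or a double-quoted attribute, using an escaper that covers that context. The change also leaves the user-supplied `paramSearch` flowing through `Utils.encodeSphinx` on the next line while HTML escaping now comes from commons-lang3, so two escaping helpers now coexist in this class; if other `Utils.encodeHTML` call sites remain, migrating them in the same change (or adding a comment stating why search titles differ) would keep the escaping policy consistent. The commit message talks about escaping tags on the way into the database, but this hunk only changes render-time escaping of the search title; a one-line note in the message tying the two together would help future readers. The enclosing method starts before the hunk and continues past it.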