Escaping content for prevention of XSS attacks.

warcooft · web-flow · commit 18294434912d · 2024-07-19T04:08:59.000+07:00
diff --git a/src/Views/magic_link_form.php b/src/Views/magic_link_form.php
@@ -10,12 +10,12 @@
             <h5 class="card-title mb-5"><?= lang('Auth.useMagicLink') ?></h5>
 
                 <?php if (session('error') !== null) : ?>
-                    <div class="alert alert-danger" role="alert"><?= session('error') ?></div>
+                    <div class="alert alert-danger" role="alert"><?= esc(session('error')) ?></div>
                 <?php elseif (session('errors') !== null) : ?>
                     <div class="alert alert-danger" role="alert">
                         <?php if (is_array(session('errors'))) : ?>
                             <?php foreach (session('errors') as $error) : ?>
-                                <?= $error ?>
+                                <?= esc($error) ?>
                                 <br>
                             <?php endforeach ?>
                         <?php else : ?>
