Add request parameter filtering to avoid XSS attacks

technicalguru · Jan 28, 2023 · eca361d · eca361d
1 parent 40ef8c4
commit eca361d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/WebApp/Layout.php b/src/WebApp/Layout.php
@@ -61,7 +61,7 @@ protected function renderMeta() {
 		if (!isset($meta['viewport']))  $meta['viewport']  = 'width=device-width, initial-scale=1, shrink-to-fit=no';
 		if (!isset($meta['pageclass'])) $meta['pageclass'] = get_class($this->page);
 		if (!isset($meta['canonical'])) {
-			$params = $this->app->request->params ? '?'.$this->app->request->params : '';
+			$params = $this->app->request->params ? '?'.\TgUtils\StringFilters::$NO_HTML->filter($this->app->request->params) : '';
 			$meta['canonical'] = $this->app->router->getCanonicalPath().$params;
 		}