views: escape piwik host and siteId to prevent XSS

Fixes CVE-2018-11352 Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2018-09-23 22:46:09 +02:00
1 changed files with 1 additions and 1 deletions
--- a/src/Wallabag/CoreBundle/Resources/views/base.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/base.html.twig
@ -69,7 +69,7 @@
        {% block footer %}{% endblock %}

        {% if craue_setting('piwik_enabled') %}
-            {{ piwik(craue_setting('piwik_host'), craue_setting('piwik_site_id')) }}
+            {{ piwik(craue_setting('piwik_host')|e('html_attr'), craue_setting('piwik_site_id')|e('html_attr')) }}
        {% endif %}
    </body>
 </html>