Prevent attribute injection

2022-07-29 15:26:19 +08:00 · 2022-07-29 15:26:19 +08:00 · 0098fa8746
parent 828cef406c
commit 0098fa8746
1 changed files with 2 additions and 2 deletions
--- a/app/templates/userpage_post.html
+++ b/app/templates/userpage_post.html
@ -30,7 +30,7 @@
            :
            <a href='http://youdao.com/w/eng/{{word}}/#keyfrom=dict2.index' title={{word}}>{{word}}</a>
            ({{x[1]}})
-            <input type="checkbox" name="marked" value={{word}}>
+            <input type="checkbox" name="marked" value="{{word}}">
        </p>

       {% endfor %}