From 01ae69d6bb14725309e7b51a7b93c42134aa796a Mon Sep 17 00:00:00 2001
From: Nho Quy Dinh
Date: Mon, 19 Jul 2021 09:15:24 +0200
Subject: [PATCH] Sanitize input when changing locale to prevent XSS
---
 src/main/resources/templates/fragments.html | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/main/resources/templates/fragments.html b/src/main/resources/templates/fragments.html
index f6ee8c75..eded98da 100644
--- a/src/main/resources/templates/fragments.html
+++ b/src/main/resources/templates/fragments.html
@@ -136,7 +136,9 @@ function onChangeLocal(e) {
 let val = e.options[e.selectedIndex].value;
 console.log(val);
- window.location.search = val;
+ if (val.includes('?lang=') && val.length == 8) {
+ window.location.search = val;
+ }
 }
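Review bot: The guard on the added `if` is a shape check rather than an allow-list: `includes('?lang=')` also accepts values such as `X?lang=X`, and `length == 8` (loose equality) admits any two characters after the prefix, so the branch does not constrain the value to a known locale. If the intent is a two-letter code, a single anchored pattern states that directly and replaces both conditions: `if (/^\?lang=[a-z]{2}$/.test(val)) {` — adjust the character class if the project uses other locale formats, which this hunk does not show. Note that `val` is read from an `<option>` in the page's own DOM, so this client-side check only matters where those option values can be influenced; the durable mitigation for the XSS named in the subject is output-encoding of the `lang` parameter wherever the server template renders it, which is outside this hunk. The leftover `console.log(val);` on the context line above the change looks like debugging output and could be dropped in the same commit.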