Sanitize input when changing locale to prevent XSS

Alovoa · Jul 19, 2021 · 01ae69d · 01ae69d
1 parent d4be216
commit 01ae69d
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/main/resources/templates/fragments.html b/src/main/resources/templates/fragments.html
@@ -136,7 +136,9 @@
 			function onChangeLocal(e) {
 				let val = e.options[e.selectedIndex].value;
 				console.log(val);
-				window.location.search = val;
+				if (val.includes('?lang=') && val.length == 8) {
+					window.location.search = val;
+				}
 			}
 		</script>
 	</footer>