Use URLSearchParams to sanitize query params

1 files changed, 4 insertions, 2 deletions

diff --git a/themes/XMin/layouts/partials/foot_custom.html b/themes/XMin/layouts/partials/foot_custom.html
index 754b722..eb0962a 100644
--- a/themes/XMin/layouts/partials/foot_custom.html
+++ b/themes/XMin/layouts/partials/foot_custom.html
@@ -17,14 +17,16 @@
 <div style="visibility: hidden" id="comment_form">comment form goes here</div>
 <script>
      let comments = document.getElementById("comments");
-     fetch(document.location.origin + "/api/comment?url=" + document.location.href)
+     let urlParam = new URLSearchParams();
+     urlParam.append("url", document.location.href);
+     fetch(document.location.origin + "/api/comment?" + urlParam.toString())
           .then((response) => response.text())
           .then((data) => {
                comments.innerHTML = data;
                comments.style.visibility = "visible";
           });
      let form = document.getElementById("comment_form");
-     fetch(document.location.origin + "/api/form?url=" + document.location.href)
+     fetch(document.location.origin + "/api/form?" + urlParam.toString())
           .then((response) => response.text())
           .then((data) => {
                form.innerHTML = data;