authorMartin Ashby <martin@ashbysoft.com>2022-12-30 10:32:46 +0000
committerMartin Ashby <martin@ashbysoft.com>2022-12-30 10:32:46 +0000
commitaebf70ed75dbbe1fbbf0f72f7d9f94f08aab0ed5 (patch)
tree0c54c17531473de9287170601d8974ffa959bedf
parent575491e39f7ed2c4223461427fc792612a4f8fc1 (diff)
downloadmfashby.net-aebf70ed75dbbe1fbbf0f72f7d9f94f08aab0ed5.tar.gz
mfashby.net-aebf70ed75dbbe1fbbf0f72f7d9f94f08aab0ed5.tar.bz2
mfashby.net-aebf70ed75dbbe1fbbf0f72f7d9f94f08aab0ed5.tar.xz
mfashby.net-aebf70ed75dbbe1fbbf0f72f7d9f94f08aab0ed5.zip
Use URLSearchParams to sanitize query params
-rw-r--r--themes/XMin/layouts/partials/foot_custom.html6
1 files changed, 4 insertions, 2 deletions
diff --git a/themes/XMin/layouts/partials/foot_custom.html b/themes/XMin/layouts/partials/foot_custom.html
index 754b722..eb0962a 100644
--- a/themes/XMin/layouts/partials/foot_custom.html
+++ b/themes/XMin/layouts/partials/foot_custom.html
@@ -17,14 +17,16 @@
<div style="visibility: hidden" id="comment_form">comment form goes here</div>
<script>
let comments = document.getElementById("comments");
- fetch(document.location.origin + "/api/comment?url=" + document.location.href)
+ let urlParam = new URLSearchParams();
+ urlParam.append("url", document.location.href);
+ fetch(document.location.origin + "/api/comment?" + urlParam.toString())
.then((response) => response.text())
.then((data) => {
comments.innerHTML = data;
comments.style.visibility = "visible";
});
let form = document.getElementById("comment_form");
- fetch(document.location.origin + "/api/form?url=" + document.location.href)
+ fetch(document.location.origin + "/api/form?" + urlParam.toString())
.then((response) => response.text())
.then((data) => {
form.innerHTML = data;
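Review bot: The new code encodes the outbound `url` query value correctly, but both responses are still written with `comments.innerHTML = data;` and `form.innerHTML = data;`, so if the /api/comment handler renders user-submitted comment text, all escaping has to happen server-side and nothing on this page shows that it does; a short comment at the first fetch, `// response is trusted HTML: /api/comment must HTML-escape comment bodies`, would make that contract explicit for the next maintainer. Building the request with the URL API would also avoid the string concatenation, e.g. `const query = new URL("/api/comment", document.location.origin); query.searchParams.set("url", document.location.href); fetch(query)`, with the same change for /api/form. `urlParam` is never reassigned, so `const urlParam = new URLSearchParams();` fits the surrounding style. The `<script>` block and the second `.then` chain continue past the end of the hunk.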