author | Martin Ashby <martin@ashbysoft.com> | 2022-12-30 10:32:46 +0000 |
committer | Martin Ashby <martin@ashbysoft.com> | 2022-12-30 10:32:46 +0000 |
commit | aebf70ed75dbbe1fbbf0f72f7d9f94f08aab0ed5 (patch) | |
tree | 0c54c17531473de9287170601d8974ffa959bedf | |
parent | 575491e39f7ed2c4223461427fc792612a4f8fc1 (diff) | |
Use URLSearchParams to sanitize query params
-rw-r--r-- | themes/XMin/layouts/partials/foot_custom.html | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/themes/XMin/layouts/partials/foot_custom.html b/themes/XMin/layouts/partials/foot_custom.html
index 754b722..eb0962a 100644
--- a/themes/XMin/layouts/partials/foot_custom.html
+++ b/themes/XMin/layouts/partials/foot_custom.html
@@ -17,14 +17,16 @@
 <div style="visibility: hidden" id="comment_form">comment form goes here</div>
 <script>
 let comments = document.getElementById("comments");
- fetch(document.location.origin + "/api/comment?url=" + document.location.href)
+ let urlParam = new URLSearchParams();
+ urlParam.append("url", document.location.href);
+ fetch(document.location.origin + "/api/comment?" + urlParam.toString())
 .then((response) => response.text())
 .then((data) => {
 comments.innerHTML = data;
 comments.style.visibility = "visible";
 });
 let form = document.getElementById("comment_form");
- fetch(document.location.origin + "/api/form?url=" + document.location.href)
+ fetch(document.location.origin + "/api/form?" + urlParam.toString())
 .then((response) => response.text())
 .then((data) => {
 form.innerHTML = data; |
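Review bot: The two new `fetch(...)` lines still assemble the request URL by string concatenation onto `urlParam.toString()`, and `urlParam` is declared with `let` although it is never reassigned; building the URL as an object states the intent more directly, e.g. `const apiUrl = new URL("/api/comment", document.location.origin);` then `apiUrl.searchParams.set("url", document.location.href);` and `fetch(apiUrl)`, with the same shape for the `/api/form` request. The commit title's "sanitize" also reads stronger than what the added lines do: URLSearchParams percent-encodes `document.location.href` so the query string stays well-formed, but whatever the API does with that `url` value is outside this hunk, so a comment such as `// percent-encodes href for the query string; the API must still validate the url value` would set the right expectation for the next reader. Neither fetch chain (which continues in the context lines) checks `response.ok` or ends in a `.catch()`, so a non-2xx response body would be written into `comments.innerHTML` / `form.innerHTML` just like a successful one; a guard like `if (!response.ok) throw new Error(\`comment API returned ${response.status}\`);` before `response.text()` would avoid that, and it may be worth hedging that I cannot see how the API responds on error. The enclosing `<script>` block runs past the end of the hunk.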