commit aebf70ed75dbbe1fbbf0f72f7d9f94f08aab0ed5
parent 575491e39f7ed2c4223461427fc792612a4f8fc1
Author: Martin Ashby <martin@ashbysoft.com>
Date: Fri, 30 Dec 2022 10:32:46 +0000
Use URLSearchParams to sanitize query params
Diffstat:
1 file changed, 4 insertions(+), 2 deletions(-)
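--- a/themes/XMin/layouts/partials/foot_custom.html
+++ b/themes/XMin/layouts/partials/foot_custom.html
@@ -17,14 +17,16 @@
 <div style="visibility: hidden" id="comment_form">comment form goes here</div>
 <script>
 let comments = document.getElementById("comments");
-fetch(document.location.origin + "/api/comment?url=" + document.location.href)
+let urlParam = new URLSearchParams();
+urlParam.append("url", document.location.href);
+fetch(document.location.origin + "/api/comment?" + urlParam.toString())
 .then((response) => response.text())
 .then((data) => {
 comments.innerHTML = data;
 comments.style.visibility = "visible";
 });
 let form = document.getElementById("comment_form");
-fetch(document.location.origin + "/api/form?url=" + document.location.href)
+fetch(document.location.origin + "/api/form?" + urlParam.toString())
 .then((response) => response.text())
 .then((data) => {
 form.innerHTML = data;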
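Review bot: Both fetch chains still write whatever body the API returns into `innerHTML` without checking `response.ok` and without a rejection handler, so a 404/500 error page from `/api/comment` or `/api/form` is injected into the document and made visible, and a network failure becomes an unhandled promise rejection; the encoding fix covers only the outgoing query. The first `.then` in each chain should be `.then((response) => { if (!response.ok) throw new Error(`comment API returned ${response.status}`); return response.text(); })` and each chain should end with `.catch((err) => console.error(err));`. Since the returned HTML is trusted wholesale here, escaping of user-submitted comment content has to happen on the API side — worth a one-line comment above the first fetch stating that assumption. Minor: `urlParam` is never reassigned, so `const urlParam` is the idiomatic declaration, and `new URL("/api/comment", document.location.origin)` with `searchParams.set("url", …)` would build both request URLs without string concatenation. The second chain and the enclosing `<script>` block continue past the end of the hunk.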