Fix yet an other XSS

master
jvoisin 6 years ago
parent 10e90beb30
commit af4165310f
  1. 4
      airsonic-main/src/main/webapp/WEB-INF/jsp/allmusic.jsp

@ -5,10 +5,10 @@
</head>
<body onload="document.allmusic.submit();" class="mainframe bgcolor1">
<h2><fmt:message key="allmusic.text"><fmt:param value="${album}"/></fmt:message></h2>
<h2><fmt:message key="allmusic.text"><fmt:param value="${fn:escapeXml(album)}"/></fmt:message></h2>
<form name="allmusic" action="https://www.allmusic.com/search" method="POST" accept-charset="iso-8859-1">
<input type="hidden" name="search_term" value="${album}"/>
<input type="hidden" name="search_term" value="${fn:escapeXml(album)}"/>
<input type="hidden" name="search_type" value="album"/>
</form>

Loading…
Cancel
Save