Fix potential XSS on the Settings / API page

The CSP policy already prevent the execution of inline Javascript.
2023-01-06 21:02:44 +01:00
parent 8902c1448d
commit 3824e6e9aa
1 changed files with 1 additions and 1 deletions
--- a/app/Template/config/api.php
+++ b/app/Template/config/api.php
@@ -9,7 +9,7 @@
        </li>
        <li>
            <?= t('API endpoint:') ?>
-            <strong><?= $this->url->base().'jsonrpc.php' ?></strong>
+            <strong><?= $this->text->e($this->url->base()).'jsonrpc.php' ?></strong>
        </li>
    </ul>
 </div>