RVE-2024-1 properly encode document title passed to js variable

2026-02-01 17:49:58 +09:00 · 2024-01-20 00:41:14 +09:00 · 2024-01-20 00:41:14 +09:00 · 1854700e77
commit 1854700e77
parent 152fb4e753
2 changed files with 2 additions and 2 deletions
--- a/modules/board/skins/xedition/_read.html
+++ b/modules/board/skins/xedition/_read.html
@ -64,7 +64,7 @@
 		    </li>
 		    </ul>
 			<script>
-				var sTitle = '{$oDocument->getTitleText()}';
+				var sTitle = {json_encode($oDocument->getTitleText())};
 				jQuery(function($){
 					$('.twitter').snspost({
 						type : 'twitter',