Skip to content

Commit

Permalink
Escape query param before using it as ID in HTML redirect
Browse files Browse the repository at this point in the history
  • Loading branch information
fsteeg committed Dec 21, 2023
1 parent 2a885da commit e127e2c
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion app/controllers/nwbib/Application.java
Original file line number Diff line number Diff line change
@@ -53,6 +53,7 @@
import play.mvc.Http;
import play.mvc.Result;
import play.mvc.Results;
import play.twirl.api.HtmlFormat;
import views.html.browse_classification;
import views.html.browse_register;
import views.html.classification;
@@ -283,7 +284,7 @@ public static Promise<Result> searchSpatial(final String id, final int from, fin
public static Promise<Result> showPl(String name, String db, int index, int zeilen, String s1) {
return Promise
.pure(ok("<head><meta http-equiv='Refresh' content='0; URL=https://rppd.lobid.org/"
+ s1 + "'/></head>").as("text/html"));
+ HtmlFormat.escape(s1) + "'/></head>").as("text/html"));
}

/**

0 comments on commit e127e2c

Please sign in to comment.