fix: escape redirect_url in flash message templates (#16839)

Co-authored-by: wangruidong <940853815@qq.com>
This commit is contained in:
fit2bot
2026-05-14 18:27:22 +08:00
committed by GitHub
parent 05d1775c7b
commit f19e6b524a
2 changed files with 3 additions and 5 deletions

View File

@@ -48,7 +48,7 @@
var time = '{{ interval }}'
var error = '{{ error }}'
var auto_redirect = '{{ auto_redirect }}'
if (error) {
message = error
} else {
@@ -62,7 +62,7 @@
time--;
setTimeout(redirect_page, 1000);
} else {
window.location.href = "{{ redirect_url }}";
window.location.href = '{{ redirect_url|escapejs }}';
}
}
@@ -71,4 +71,3 @@
}
</script>
{% endblock %}

View File

@@ -52,7 +52,7 @@
{% else %}
message = '{{ message|safe }}'
{% endif %}
var redirect_url = '{{ redirect_url }}'
var redirect_url = '{{ redirect_url|escapejs }}'
function redirect_page() {
if (time >= 0) {
@@ -69,4 +69,3 @@
{% endif %}
</script>
{% endblock %}