author | David Barksdale <amatus.amongus@gmail.com> | 2012-04-04 22:19:02 -0500 |
---|---|---|
committer | David Barksdale <amatus.amongus@gmail.com> | 2012-04-04 22:19:02 -0500 |
commit | 8c193293c6f42e8dd1522c8d5cd26febc8a20f02 (patch) | |
tree | 3162d8ff269a16e4e441c713ee2b49c3f0083591 | |
parent | abbb4cf8b090bb95087f52dcc42927d13f792e36 (diff) |
Avoid html injection.
This is probably unnecessary because valid unix usernames
don't have any bad characters in them.
-rw-r--r-- | src/ctf_website/views/home.clj | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/ctf_website/views/home.clj b/src/ctf_website/views/home.clj
index 450d605..566a9ca 100644
--- a/src/ctf_website/views/home.clj
+++ b/src/ctf_website/views/home.clj
@@ -2,7 +2,7 @@
 (:require [ctf-website.views.common :as common]
 [noir.session :as session])
 (:use [noir.core :only [defpage]]
- [hiccup.core :only [html]]))
+ [hiccup.core :only [h]]))
 (defpage "/" []
@@ -13,7 +13,7 @@
 [:a {:href "login"} "Compete"]
 [:form {:method "POST" :action "flag"}
- [:p (str "Submit flag as " username ":")
+ [:p (str "Submit flag as " (h username) ":")
 [:input {:type "text" :name "flag"}]
 [:input {:type "submit" |
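Review bot: The `(h username)` call in the second hunk is the right place to escape, but nothing on the line says why, and the commit message's view that it is probably unnecessary invites a later cleanup to drop it. Hiccup 1.x does not escape string children on its own, so I would add a comment above the `[:p` line such as `;; username is rendered as HTML text; hiccup does not escape strings, so keep (h ...) regardless of what account names allow`. Where `username` is bound is outside the hunk (it presumably comes from the noir session), so any other view that prints it would need the same escaping. The `defpage` body starts before and continues past the hunk.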