Use safeHTMLAttr in the integrity attributes.

2025-08-21 04:41:36 +02:00 · 2020-04-28 22:17:43 +03:00
parent 737b6925ab
commit 2bd3bd842d
4 changed files with 8 additions and 8 deletions
--- a/site/layouts/_default/examples.html
+++ b/site/layouts/_default/examples.html
@@ -44,13 +44,13 @@

    {{ if ne .Page.Params.include_js false -}}
      {{- if eq hugo.Environment "production" -}}
-        <script src="/docs/{{ .Site.Params.docs_version }}/dist/js/bootstrap.bundle.min.js" integrity="{{ .Site.Params.cdn.js_bundle_hash }}" crossorigin="anonymous"></script>
+        <script src="/docs/{{ .Site.Params.docs_version }}/dist/js/bootstrap.bundle.min.js" {{ printf "integrity=%q" .Site.Params.cdn.js_bundle_hash | safeHTMLAttr }} crossorigin="anonymous"></script>
      {{- else -}}
        <script src="/docs/{{ .Site.Params.docs_version }}/dist/js/bootstrap.bundle.js"></script>
      {{- end }}

      {{ range .Page.Params.extra_js -}}
-        <script{{ with .async }} async{{ end }} src="{{ .src }}"{{ with .integrity }} integrity="{{ . }}" crossorigin="anonymous"{{ end }}></script>
+        <script{{ with .async }} async{{ end }} src="{{ .src }}"{{ with .integrity }} {{ printf "integrity=%q" . | safeHTMLAttr }} crossorigin="anonymous"{{ end }}></script>
      {{- end -}}
    {{- end }}
  </body>