xss: Fix possible XSS vuln in current sequence display

88bedbde · Jared Hancock · e8cedfd6 · 88bedbde
Commit 88bedbde authored 10 years ago by Jared Hancock
--- a/include/ajax.sequence.php
+++ b/include/ajax.sequence.php
@@ -33,7 +33,7 @@ class SequenceAjaxAPI extends AjaxController {
        elseif (!($sequence = Sequence::lookup($id)))
            Http::response(404, 'No such object');
-        return $sequence->current($_GET['format']);
+        return $sequence->current(Format::htmlchars($_GET['format']));
    }
    /**