escaping string for prevention of XSS attacks.

warcooft · web-flow · commit 1cc1752c240c · 2024-07-19T04:13:16.000+07:00
diff --git a/src/Views/email_activate_show.php b/src/Views/email_activate_show.php
@@ -10,7 +10,7 @@
             <h5 class="card-title mb-5"><?= lang('Auth.emailActivateTitle') ?></h5>
 
             <?php if (session('error')) : ?>
-                <div class="alert alert-danger"><?= session('error') ?></div>
+                <div class="alert alert-danger"><?= esc(session('error')) ?></div>
             <?php endif ?>
 
             <p><?= lang('Auth.emailActivateBody') ?></p>
