flatpressblog/flatpress
FlatPress is a lightweight, easy-to-set-up flat-file blogging engine.
https://flatpress.org
GNU General Public License v2.0
Validation of timeformat, dateformat, and dateformatshort
#487
Closed
Fraenkiman closed 1 week ago
Fraenkiman commented 1 week ago
This eliminates the XSS vulnerabilities.
Only a-zA-Z0-9:%.,- and spaces are now allowed in timeformat, dateformat, and dateformatshort.
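
A sketch of the allowlist check described in the comment above, written as an added example and not taken from the FlatPress change itself. The function names, the fallback values and the choice to reject empty strings are assumptions.

```php
<?php
// Added example, not FlatPress code. All names and defaults are hypothetical.

// Allowlist from the comment: a-zA-Z0-9:%.,- and spaces.
// \A and \z anchor the whole string; a plain "$" would also accept a
// value ending in a newline.
const FORMAT_ALLOWLIST = '/\A[a-zA-Z0-9:%.,\- ]+\z/';

// Constructed fallback values, used when a submitted format is rejected.
const FORMAT_DEFAULTS = [
    'timeformat'      => '%H:%M:%S',
    'dateformat'      => '%A, %B %e, %Y',
    'dateformatshort' => '%Y-%m-%d',
];

// True only for a non-empty string made up entirely of allowlisted characters.
function is_valid_format($value): bool
{
    return is_string($value) && preg_match(FORMAT_ALLOWLIST, $value) === 1;
}

// Returns the three format settings, replacing any rejected value
// with its default instead of trying to strip characters out of it.
function sanitize_locale_formats(array $input): array
{
    $clean = [];
    foreach (FORMAT_DEFAULTS as $key => $default) {
        $value = $input[$key] ?? $default;
        $clean[$key] = is_valid_format($value) ? $value : $default;
    }
    return $clean;
}

// Constructed sample submission: one valid value, one carrying markup,
// one with a trailing newline.
$submitted = [
    'timeformat'      => '%H:%M',
    'dateformat'      => '%d.%m.%Y"><script>alert(1)</script>',
    'dateformatshort' => "%Y-%m-%d\n",
];

foreach (sanitize_locale_formats($submitted) as $key => $value) {
    // Output encoding is kept as a second layer next to the input allowlist.
    printf("%-16s %s\n", $key, htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
}
```

Rejecting the whole value and falling back to a default avoids the partial-sanitisation cases that character stripping can leave behind.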