From dfc70c098f43b320cbb750b0a89ee9c027ce8fed Mon Sep 17 00:00:00 2001 From: slawkens Date: Sat, 6 Jun 2020 18:32:22 +0200 Subject: [PATCH] Fix XSS in character search --- CHANGELOG.md | 1 + system/templates/error_box.html.twig | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c9d324a8..acc7089f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ * Caused migrations being fired when user manually imported database ### Fixed +* XSS in character search * Admin menu news editing warning when leaving page without touching the inputs ## [0.8.2 - 03.06.2020] diff --git a/system/templates/error_box.html.twig b/system/templates/error_box.html.twig index f06c1d73..e6ed4992 100644 --- a/system/templates/error_box.html.twig +++ b/system/templates/error_box.html.twig @@ -9,7 +9,7 @@
The Following Errors Have Occurred:
{% for error in errors %} -
  • {{ error|raw }}
  • +
  • {{ error|striptags('')|raw }}
  • {% endfor %}
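Review bot: In system/templates/error_box.html.twig the replacement line `{{ error|striptags('')|raw }}` still ends in `|raw`, so the value is written without HTML escaping and tag stripping is the only protection. `striptags` removes tags but does not encode what remains, and if its argument is ever a non-empty allow-list, attributes on the allowed tags (event handlers included) pass through untouched. If error messages are not meant to carry markup, as the empty argument shown here suggests, use `{{ error|e }}` (or plain `{{ error }}`, assuming autoescape is enabled for this template) instead of `striptags` plus `raw`. If some errors do need markup, escape the user-supplied search term at the point where the message is built rather than filtering every error in this shared template.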