From 6a9ab1ddcb4e47c7d999367e7cb0f6dca24a603a Mon Sep 17 00:00:00 2001
From: Mikael Henriksson
Date: Mon, 12 Feb 2024 18:06:43 +0200
Subject: [PATCH] fix(xss): prevent redis xss vulnerability (#832)

---
 lib/sidekiq_unique_jobs/web.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/sidekiq_unique_jobs/web.rb b/lib/sidekiq_unique_jobs/web.rb
index bf515e84..fc3cda7d 100644
--- a/lib/sidekiq_unique_jobs/web.rb
+++ b/lib/sidekiq_unique_jobs/web.rb
@@ -85,8 +85,9 @@ def self.registered(app) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
 app.get "/locks/:digest/jobs/:job_id/delete" do
 @digest = h(params[:digest])
+ @job_id = h(params[:job_id])
 @lock = SidekiqUniqueJobs::Lock.new(@digest)
- @lock.unlock(params[:job_id])
+ @lock.unlock(@job_id)
 redirect_to "locks/#{@lock.key}"
 end
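Review bot: The new `@job_id = h(params[:job_id])` applies an output-encoding helper to a value that is then used as a data key in `@lock.unlock(@job_id)`, so it does not neutralize XSS at the sink that matters (rendering) and instead alters the value sent to Redis: a job id containing `&`, `<`, `>`, `"` or `'` is escaped to a different string and the unlock silently targets a lock entry that does not exist (assuming `h` is the usual Sidekiq `escape_html` helper; Sidekiq JIDs are normally hex, so this rarely bites in practice, but it is the wrong layer). The same pattern already exists for `@digest` on the preceding context line and feeds both `SidekiqUniqueJobs::Lock.new` and the `redirect_to` key. I would keep the raw value for the Redis call and reject malformed ids up front, e.g. `job_id = params[:job_id].to_s` / `halt 400 unless job_id.match?(/\A[\w-]+\z/)` / `@lock.unlock(job_id)` (if `halt` is available on this web action), escaping only in the templates that display it. Separately, this is a GET route that performs a destructive state change, which is CSRF-able from any origin via an `<img>` tag; Sidekiq's own delete actions are POSTs protected by its CSRF token, and this route should follow suit. The enclosing `self.registered(app)` starts before and ends after this hunk.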