XWIKI-20352: Sanitize template URLs

Author: surli

xwiki-platform-core/xwiki-platform-flamingo/xwiki-platform-flamingo-skin/xwiki-platform-flamingo-skin-resources/src/main/resources/flamingo/restore.vm

@@ -178,9 +178,9 @@
   </div>
   <button class="btn btn-primary">$services.localization.render('core.restore.confirm.yes')</button>
   #if("$!{request.xredirect}" != '')
-    #set($cancelUrl = "$request.xredirect")
+    #getSanitizedURLAttributeValue('a','href',$request.xredirect,$doc.getURL(),$cancelUrl)
   #else
-    #set($cancelUrl = $doc.getURL())
+    #set($cancelUrl = $escapetool.xml($doc.getURL()))
   #end
-  <a class="btn btn-default" href="$!{escapetool.xml(${cancelUrl})}">$services.localization.render('core.restore.confirm.no')</a>
+  <a class="btn btn-default" href="$cancelUrl">$services.localization.render('core.restore.confirm.no')</a>
 #end