From 3b462b2fac2d3502004b96130e52e9d632e3e9fa Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Wed, 23 Jul 2025 10:07:35 +0000
Subject: [PATCH] Fix YQL injection vulnerability in SunSetApp
---
 iOS 10/SunSetApp/SunSetApp/SunSetApp/ViewController.swift | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/iOS 10/SunSetApp/SunSetApp/SunSetApp/ViewController.swift b/iOS 10/SunSetApp/SunSetApp/SunSetApp/ViewController.swift
index 3181a53..cac87dd 100644
--- a/iOS 10/SunSetApp/SunSetApp/SunSetApp/ViewController.swift
+++ b/iOS 10/SunSetApp/SunSetApp/SunSetApp/ViewController.swift
@@ -20,7 +20,8 @@ class ViewController: UIViewController {
 @IBAction func buGetSunSet(_ sender: Any) {
- let url="https://query.yahooapis.com/v1/public/yql?q=select%20*%20from%20weather.forecast%20where%20woeid%20in%20(select%20woeid%20from%20geo.places(1)%20where%20text%3D%22\(laCity.text!)%22)&format=json&env=store%3A%2F%2Fdatatables.org%2Falltableswithkeys"
+ let city = laCity.text!.addingPercentEncoding(withAllowedCharacters: .urlQueryAllowed)
+ let url="https://query.yahooapis.com/v1/public/yql?q=select%20*%20from%20weather.forecast%20where%20woeid%20in%20(select%20woeid%20from%20geo.places(1)%20where%20text%3D%22\(city!)%22)&format=json&env=store%3A%2F%2Fdatatables.org%2Falltableswithkeys"
 LoadURL(url: url)
 }
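Review bot: Percent-encoding on the added `let city` line repairs the URL but does not close the YQL injection. A double quote typed into `laCity` is sent as `%22`, and the service decodes it back into a quote before parsing the statement, so the `text="…"` literal can still be terminated by user input. `.urlQueryAllowed` also leaves `&`, `=` and `+` unencoded, so the field can append or override query parameters such as `format` or `env`. Validate at the YQL level before encoding, and encode with a stricter set: `guard let raw = laCity.text, !raw.contains("\""), let city = raw.addingPercentEncoding(withAllowedCharacters: .alphanumerics) else { return }`, then interpolate `\(city)`. How YQL escapes characters inside a literal is not visible here, so rejecting (or allowlisting letters, spaces and a few punctuation marks) is safer than trying to escape; the `guard` also replaces the two force-unwraps (`laCity.text!`, `city!`), which crash on nil.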