schrottkatze/karton
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases 2 Packages Wiki Activity

Fix XSS attack (again)

Browse source 
Now escaping only for slashes, since HTML is apparently case insensitive and using a script closing tag that wasn't entirely lowercase bypassed the earlier fix.
This commit is contained in:
Schrottkatze 2023-03-09 20:05:57 +01:00
parent c83a775ac2
commit 181ebb3a63
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/pasta.rs
View file

@ -155,7 +155,7 @@ impl Pasta {
self.content self.content
.replace('`', "\\`") .replace('`', "\\`")
.replace('$', "\\$") .replace('$', "\\$")
.replace("</script", "<\\/script") .replace('/', "\\/")
} }
} }