Fix XSS attack (again)
Now escaping only for slashes, since HTML is apparently case insensitive and using a script closing tag that wasn't entirely lowercase bypassed the earlier fix.
parent c83a775ac2
commit 181ebb3a63
1 changed files with 1 additions and 1 deletions
|
@ -155,7 +155,7 @@ impl Pasta {
|
||||||
self.content
|
self.content
|
||||||
.replace('`', "\\`")
|
.replace('`', "\\`")
|
||||||
.replace('$', "\\$")
|
.replace('$', "\\$")
|
||||||
.replace("</script", "<\\/script")
|
.replace('/', "\\/")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
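Review bot: The chain on `self.content` never escapes the backslash itself, so a backslash already present in the content cancels the escapes added by the three `.replace` calls, including the new `.replace('/', "\\/")`. Make `.replace('\\', "\\\\")` the first call in the chain, before the backtick, `$` and `/` replacements, so that every later escape stays an escape. This assumes the result is emitted into a JavaScript template literal inside a script element, which the backtick and `$` escapes suggest but the hunk does not show. Since this is the second fix for the same sink, a regression test covering a mixed-case closing script tag and content containing backslashes would be worth adding alongside this change. It is also worth considering a single encoder (for example JSON-serializing the string and escaping `<`) in place of the hand-written replace chain.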