fix xss on error page

2022-12-02 13:42:03 +01:00 · 2022-12-02 13:42:03 +01:00 · a3e54c91cf
parent 5e72753e91
commit a3e54c91cf
1 changed files with 5 additions and 3 deletions
--- a/html/error.go
+++ b/html/error.go
@ -1,6 +1,7 @@
 package html

 import (
+	"html/template"
 	"net/http"
 	"strconv"
 	"strings"
@ -39,7 +40,8 @@ func errorMessage(statusCode int) string {

 // TODO: use template engine
 func errorBody(statusCode int) string {
-	return strings.ReplaceAll(NotFoundPage,
-		"%status%",
-		strconv.Itoa(statusCode)+" "+errorMessage(statusCode))
+	return template.HTMLEscapeString(
+		strings.ReplaceAll(NotFoundPage,
+			"%status%",
+			strconv.Itoa(statusCode)+" "+errorMessage(statusCode)))
 }