Upstream/pages-server
2
0
Fork 0
mirror of https://codeberg.org/Codeberg/pages-server.git synced 2024-06-15 23:50:52 +02:00
Code Issues Projects Releases Wiki Activity

fix xss on error page

Browse Source
This commit is contained in:
crapStone 2022-12-02 13:42:03 +01:00
parent 5e72753e91
commit a3e54c91cf
No known key found for this signature in database
GPG Key ID: 4CAA9E39EEDEB1F0
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
html/error.go
View File

@ -1,6 +1,7 @@
package html package html
import ( import (
"html/template"
"net/http" "net/http"
"strconv" "strconv"
"strings" "strings"
@ -39,7 +40,8 @@ func errorMessage(statusCode int) string {
// TODO: use template engine // TODO: use template engine
func errorBody(statusCode int) string { func errorBody(statusCode int) string {
return strings.ReplaceAll(NotFoundPage, return template.HTMLEscapeString(
"%status%", strings.ReplaceAll(NotFoundPage,
strconv.Itoa(statusCode)+" "+errorMessage(statusCode)) "%status%",
strconv.Itoa(statusCode)+" "+errorMessage(statusCode)))
} }