
💊 Fix XSS in markdown

pull/37/head
YASME-Tim 8 years ago
parent
commit
b75f75ce38
1 changed files with 1 additions and 1 deletions
  1. +1
    -1
      transfersh-server/handlers.go

+ 1
- 1
transfersh-server/handlers.go View File

@@ -100,7 +100,7 @@ func previewHandler(w http.ResponseWriter, r *http.Request) {
}

if strings.HasPrefix(contentType, "text/x-markdown") || strings.HasPrefix(contentType, "text/markdown") {
output := blackfriday.MarkdownCommon(data)
output := blackfriday.MarkdownCommon(html.EscapeString(data))
content = html_template.HTML(output)
} else if strings.HasPrefix(contentType, "text/plain") {
content = html_template.HTML(fmt.Sprintf("<pre>%s</pre>", html.EscapeString(string(data))))
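Review bot: Escaping the input before `blackfriday.MarkdownCommon` does not make the rendered output safe, because markdown's own syntax can still produce active markup (for example link destinations with script-capable URL schemes), and the result is then cast to `html_template.HTML`, which bypasses template auto-escaping. It also changes rendering: `>` blockquotes stop working and entities inside code spans are likely to be escaped twice. The usual approach is to render the raw bytes and sanitize the output with an allowlist sanitizer, e.g. `output := bluemonday.UGCPolicy().SanitizeBytes(blackfriday.MarkdownCommon(data))`. Separately, the `text/plain` branch converts with `string(data)`, which suggests `data` is a `[]byte`; if so, `html.EscapeString(data)` will not compile as written. previewHandler's body starts and ends outside the hunk.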

