Fix XSS in markdown preview
parent
3b60ba16cd
commit
d4baaba35f
1 changed files with 2 additions and 1 deletions
|
@ -133,7 +133,8 @@ func (s *Server) previewHandler(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
if strings.HasPrefix(contentType, "text/x-markdown") || strings.HasPrefix(contentType, "text/markdown") {
|
||||
output := blackfriday.MarkdownCommon(data)
|
||||
escapedData := html.EscapeString(string(data))
|
||||
output := blackfriday.MarkdownCommon([]byte(escapedData))
|
||||
content = html_template.HTML(output)
|
||||
} else if strings.HasPrefix(contentType, "text/plain") {
|
||||
content = html_template.HTML(fmt.Sprintf("<pre>%s</pre>", html.EscapeString(string(data))))
|
||||
|
|
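Review bot: Escaping the input before `blackfriday.MarkdownCommon` stops raw HTML tags, but it does not constrain what the renderer itself emits, and the result is still wrapped in `html_template.HTML`, which turns off template auto-escaping. Link and image destinations written in Markdown syntax pass through `html.EscapeString` unchanged, and as far as I know `MarkdownCommon` does not enable blackfriday's safe-link flag, so non-http URL schemes can still end up in an `href`. Pre-escaping also changes rendering: `>` blockquotes become literal `&gt;`, and code spans are likely escaped twice. Sanitizing the rendered output instead, as blackfriday's README recommends, addresses both, at the cost of a new dependency: `output := bluemonday.UGCPolicy().SanitizeBytes(blackfriday.MarkdownCommon(data))`. previewHandler starts and ends outside the hunk, so how `content` reaches the template is not visible here.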