TudbuT/theforum
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix XSS

Browse source
This commit is contained in:
Daniella 2022-01-17 10:45:46 +01:00 committed by GitHub
parent 3223b0f58a
commit 4f12355720
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
views/post.ejs
View file

@ -76,7 +76,7 @@
const makeForm = id == comment || postid == -1
ret +=
`<post><div class="content"><h3>${post.author}: ${post.title}</h3>` +
`<post><div class="content"><h3>${post.author.replaceAll('<','&lt;').replaceAll('>','&gt;')}: ${post.title.replaceAll('<','&lt;').replaceAll('>','&gt;')}</h3>` +
post.content.replaceAll('<','&lt;').replaceAll('>','&gt;')
.replaceAll('[* ', '<i>').replaceAll(' *]', '</i>')
.replaceAll('[** ', '<b>').replaceAll(' **]', '</b>')