From 90e501284097180542610a1ba64d39147cb483fd Mon Sep 17 00:00:00 2001
From: Lan Tian
Date: Fri, 15 Jan 2021 01:22:39 +0800
Subject: [PATCH] proxy: filter input to prevent XSS

---
 proxy/traceroute.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/proxy/traceroute.go b/proxy/traceroute.go
index f85396b..d14a3ab 100644
--- a/proxy/traceroute.go
+++ b/proxy/traceroute.go
@@ -2,6 +2,7 @@ package main
 
 import (
  "fmt"
+ "html"
  "net/http"
  "os/exec"
  "regexp"
@@ -30,6 +31,7 @@ func tracerouteTryExecute(cmd []string, args [][]string) ([]byte, string) {
 func tracerouteHandler(httpW http.ResponseWriter, httpR *http.Request) {
  query := string(httpR.URL.Query().Get("q"))
  query = strings.TrimSpace(query)
+ query = html.EscapeString(query)
  if query == "" {
  invalidHandler(httpW, httpR)
  } else {
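Review bot: `query = html.EscapeString(query)` escapes the value once at the top of tracerouteHandler, so every later use of `query` sees the HTML-encoded form, not only the place where it is echoed into the response. The rest of the handler is outside this hunk, but the file imports `os/exec` and defines tracerouteTryExecute, so the same string presumably also becomes a traceroute argument; HTML escaping does nothing to constrain that use, and it rewrites `&`, `<`, `>` and quotes in the target. I would keep `query` raw, reject anything that is not a plausible host name or address before it reaches exec (the file already imports `regexp`), and call `html.EscapeString(query)` only at the write to `httpW`. If the response is meant to be plain text, `httpW.Header().Set("Content-Type", "text/plain; charset=utf-8")` together with `httpW.Header().Set("X-Content-Type-Options", "nosniff")` addresses the XSS where the output is produced.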