burble.dn42/bird-lg-go
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

proxy: filter input to prevent XSS

Browse Source
This commit is contained in:
Lan Tian 2021-01-15 01:22:39 +08:00
parent 8d5eb56199
commit 90e5012840
No known key found for this signature in database
GPG Key ID: 3D2E9DC81E5791C7
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
proxy/traceroute.go
View File

@ -2,6 +2,7 @@ package main
import ( import (
"fmt" "fmt"
"html"
"net/http" "net/http"
"os/exec" "os/exec"
"regexp" "regexp"
@ -30,6 +31,7 @@ func tracerouteTryExecute(cmd []string, args [][]string) ([]byte, string) {
func tracerouteHandler(httpW http.ResponseWriter, httpR *http.Request) { func tracerouteHandler(httpW http.ResponseWriter, httpR *http.Request) {
query := string(httpR.URL.Query().Get("q")) query := string(httpR.URL.Query().Get("q"))
query = strings.TrimSpace(query) query = strings.TrimSpace(query)
query = html.EscapeString(query)
if query == "" { if query == "" {
invalidHandler(httpW, httpR) invalidHandler(httpW, httpR)
} else { } else {