backend: fix XSS in team name and events
This commit is contained in:
parent
ca8bac1ac8
commit
429cd3010c
4 changed files with 9 additions and 5 deletions
|
|
@ -5,6 +5,7 @@ import (
|
|||
"encoding/binary"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"html"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"math/rand"
|
||||
|
|
@ -86,7 +87,7 @@ func treatRegistration(pathname string, team_id string) {
|
|||
if err := os.Remove(pathname); err != nil {
|
||||
log.Printf("%s [WRN] %s\n", id, err)
|
||||
}
|
||||
if _, err := fic.NewEvent(fmt.Sprintf("Souhaitons bonne chance à l'équipe <strong>%s</strong> qui vient de nous rejoindre !", team.Name), "info"); err != nil {
|
||||
if _, err := fic.NewEvent(fmt.Sprintf("Souhaitons bonne chance à l'équipe <strong>%s</strong> qui vient de nous rejoindre !", html.EscapeString(team.Name)), "info"); err != nil {
|
||||
log.Printf("%s [WRN] Unable to create event: %s\n", id, err)
|
||||
}
|
||||
|
||||
|
|
|
|||
Reference in a new issue