backend: fix XSS in team name and events
parent
ca8bac1ac8
commit
429cd3010c
4 changed files with 9 additions and 5 deletions
|
|
@ -5,6 +5,7 @@ import (
|
|||
"encoding/binary"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"html"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"math/rand"
|
||||
|
|
@ -38,7 +39,7 @@ func treatRename(pathname string, team fic.Team) {
|
|||
log.Printf("%s [WRN] Unable to change team name: %s\n", id, err)
|
||||
}
|
||||
genTeamQueue <- &team
|
||||
if _, err := fic.NewEvent(fmt.Sprintf("Souhaitons bonne chance à l'équipe <strong>%s</strong> qui vient de nous rejoindre !", team.Name), "info"); err != nil {
|
||||
if _, err := fic.NewEvent(fmt.Sprintf("Souhaitons bonne chance à l'équipe <strong>%s</strong> qui vient de nous rejoindre !", html.EscapeString(team.Name)), "info"); err != nil {
|
||||
log.Printf("%s [WRN] Unable to create event: %s\n", id, err)
|
||||
}
|
||||
appendGenQueue(genStruct{Type: GenEvents})
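Review bot: The `html.EscapeString(team.Name)` added on the `fic.NewEvent` line protects only this one call site, while the event text is still an HTML fragment assembled with `fmt.Sprintf`. Safety therefore depends on every caller that interpolates user-supplied data remembering to escape it. The other three files in this commit are not visible here, so the remaining `NewEvent` callers should be audited for the same pattern. `html.EscapeString` is the right encoder for this position, text inside `<strong>`, but it would not be sufficient if the name were ever placed in an unquoted attribute, a URL or a script context. I would add a comment above the call such as `// Event text is emitted as raw HTML (confirm in the frontend): escape every interpolated value.`; the body of treatRename starts before and continues after this hunk.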
|
||||
|
|
|
|||