Sanitize user-input on file name (#17666) - gitea.git - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea

diff options

author	Gusted <williamzijl7@hotmail.com>	2021-11-17 18:08:25 +0000
committer	GitHub <noreply@github.com>	2021-11-17 18:08:25 +0000
commit	d8a8961b99adc1554c218fee474535d4f302bd11 (patch)
tree	875b1ec50f0cef7dd4c624d52f40c092b4ba10ca /services/archiver/archiver.go
parent	5233051e64e90238bb7b6ddf9ecd1513e57bf8e9 (diff)
download	gitea-d8a8961b99adc1554c218fee474535d4f302bd11.tar.gz gitea-d8a8961b99adc1554c218fee474535d4f302bd11.zip

Sanitize user-input on file name (#17666)

* Sanitize user-input on file name - Sanitize user-input before it get passed into the DOM. - Prevent things like "<iframe onload=alert(1)></iframe>" from being executed. This isn't a XSS attack as the server seems to be santizing the path as well. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

Diffstat (limited to 'services/archiver/archiver.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: