go/kratos
1
0
Fork 0
mirror of https://github.com/go-kratos/kratos.git synced 2025-01-07 23:02:12 +02:00
Code Issues Releases Activity

fix http response XSS (#26)

Browse Source
This commit is contained in:
Felix Hao 2019-04-24 09:38:57 +08:00 committed by GitHub
parent e39351d0d1
commit d23ca7df4f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/net/http/blademaster/context.go
View File

@ -5,6 +5,7 @@ import (
"math"
"net/http"
"strconv"
"text/template"
"github.com/bilibili/kratos/pkg/ecode"
"github.com/bilibili/kratos/pkg/net/http/blademaster/binding"
@ -144,9 +145,8 @@ func (c *Context) Render(code int, r render.Render) {
}
params := c.Request.Form
cb := params.Get("callback")
jsonp := cb != "" && params.Get("jsonp") == "jsonp"
cb := template.JSEscapeString(params.Get("callback"))
jsonp := cb != ""
if jsonp {
c.Writer.Write([]byte(cb))
c.Writer.Write(_openParen)