mirror of
https://codeberg.org/grunfink/snac2.git
synced 2024-11-22 21:35:04 +00:00
Quick fix to "Script self-injection in edit box".
In the 'Edit...' box, the sourceContent (which was written by a user) has its < replaced with < . This issue does not propagate to the public timeline nor to the recipients of the post. Reference: https://codeberg.org/grunfink/snac2/issues/53
This commit is contained in:
parent
57761020b7
commit
5be2239467
1 changed files with 4 additions and 2 deletions
6
html.c
6
html.c
|
@ -668,9 +668,11 @@ xs_str *html_entry_controls(snac *snac, xs_str *os, const xs_dict *msg, const ch
|
||||||
|
|
||||||
s = xs_str_cat(s, "</form>\n");
|
s = xs_str_cat(s, "</form>\n");
|
||||||
|
|
||||||
char *prev_src = xs_dict_get(msg, "sourceContent");
|
const char *prev_src1 = xs_dict_get(msg, "sourceContent");
|
||||||
|
|
||||||
|
if (!xs_is_null(prev_src1) && strcmp(actor, snac->actor) == 0) {
|
||||||
|
xs *prev_src = xs_replace(prev_src1, "<", "<");
|
||||||
|
|
||||||
if (!xs_is_null(prev_src) && strcmp(actor, snac->actor) == 0) {
|
|
||||||
/* post can be edited */
|
/* post can be edited */
|
||||||
xs *s1 = xs_fmt(
|
xs *s1 = xs_fmt(
|
||||||
"<p><details><summary>%s</summary>\n"
|
"<p><details><summary>%s</summary>\n"
|
||||||
|
|
Loading…
Reference in a new issue