authorMax Magorsch <arzano@gentoo.org>2020-04-20 16:13:50 +0200
committerMax Magorsch <arzano@gentoo.org>2020-04-20 16:13:50 +0200
commit22e74373d9a33ef8b527247adcc57476515404cc (patch)
tree3840d3fcd0d4d8d6527019ea43bf8a5bf65edc25
parentAdd permission for manually creating CVEs (diff)
Escape the user comments
Signed-off-by: Max Magorsch <arzano@gentoo.org>
-rw-r--r--pkg/app/handler/cvetool/index.go14
1 files changed, 14 insertions, 0 deletions
diff --git a/pkg/app/handler/cvetool/index.go b/pkg/app/handler/cvetool/index.go
index bf70536..76da7b3 100644
--- a/pkg/app/handler/cvetool/index.go
+++ b/pkg/app/handler/cvetool/index.go
@@ -11,6 +11,8 @@ import (
"encoding/json"
"fmt"
"github.com/go-pg/pg/v9/orm"
+ "glsamaker/pkg/models/users"
+ "html"
"net/http"
"strconv"
"strings"
@@ -125,6 +127,18 @@ func CveData(w http.ResponseWriter, r *http.Request) {
}
references := strings.Join(referenceList, ", ")
+ for k,_ := range cve.Comments {
+ cve.Comments[k].Message = html.EscapeString(cve.Comments[k].Message)
+ cve.Comments[k].User = &users.User{
+ Id: cve.Comments[k].User.Id,
+ Email: cve.Comments[k].User.Email,
+ Nick: cve.Comments[k].User.Nick,
+ Name: cve.Comments[k].User.Name,
+ Password: users.Argon2Parameters{},
+ Badge: cve.Comments[k].User.Badge,
+ }
+ }
+
comments, _ := json.Marshal(cve.Comments)
packages, _ := json.Marshal(cve.Packages)