From 22e74373d9a33ef8b527247adcc57476515404cc Mon Sep 17 00:00:00 2001
From: Max Magorsch
Date: Mon, 20 Apr 2020 16:13:50 +0200
Subject: Escape the user comments

Signed-off-by: Max Magorsch
---
 pkg/app/handler/cvetool/index.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/pkg/app/handler/cvetool/index.go b/pkg/app/handler/cvetool/index.go
index bf70536..76da7b3 100644
--- a/pkg/app/handler/cvetool/index.go
+++ b/pkg/app/handler/cvetool/index.go
@@ -11,6 +11,8 @@ import (
 "encoding/json"
 "fmt"
 "github.com/go-pg/pg/v9/orm"
+ "glsamaker/pkg/models/users"
+ "html"
 "net/http"
 "strconv"
 "strings"
@@ -125,6 +127,18 @@ func CveData(w http.ResponseWriter, r *http.Request) {
 }
 references := strings.Join(referenceList, ", ")
+ for k,_ := range cve.Comments {
+ cve.Comments[k].Message = html.EscapeString(cve.Comments[k].Message)
+ cve.Comments[k].User = &users.User{
+ Id: cve.Comments[k].User.Id,
+ Email: cve.Comments[k].User.Email,
+ Nick: cve.Comments[k].User.Nick,
+ Name: cve.Comments[k].User.Name,
+ Password: users.Argon2Parameters{},
+ Badge: cve.Comments[k].User.Badge,
+ }
+ }
+
 comments, _ := json.Marshal(cve.Comments)
 packages, _ := json.Marshal(cve.Packages)
--
cgit v1.2.3-65-gdbad
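Review bot: The added loop copies `Nick`, `Name` and `Email` from the same user record into the JSON payload without the `html.EscapeString` treatment given to `Message`, so if those fields are user-editable they reach the page with the same exposure this commit closes for comment text; and every field copy dereferences `cve.Comments[k].User` with no nil check, which panics the handler (a trivially reachable 500 on this endpoint) whenever the relation was not loaded for a comment. Escaping inside the model before `json.Marshal` also means whatever renders `comments` must treat the strings as already-encoded HTML and never encode them again (`&` would otherwise surface as `&amp;amp;`), which deserves a comment at the loop, e.g. `// Message is pre-escaped for direct insertion into the page; do not escape again client-side.` — encoding at the output sink (template or `textContent` in the JS) would be the more robust place for it. `for k,_ := range` is not gofmt-clean; `for k := range cve.Comments` reads the same. CveData's body starts and ends outside the hunk.
```go
	for k := range cve.Comments {
		cve.Comments[k].Message = html.EscapeString(cve.Comments[k].Message)
		u := cve.Comments[k].User
		if u == nil {
			continue // relation not loaded; nothing to copy or redact
		}
		// Whitelist copy so Password (Argon2 hash/params) never reaches the JSON.
		cve.Comments[k].User = &users.User{
			Id:       u.Id,
			Email:    u.Email,
			Nick:     html.EscapeString(u.Nick), // same treatment as Message if user-editable
			Name:     html.EscapeString(u.Name),
			Password: users.Argon2Parameters{},
			Badge:    u.Badge,
		}
	}
	// … unchanged: json.Marshal of comments and packages …
```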