pharnexbase
/
kratos
11
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix http response XSS (#26)

Browse Source
pull/33/head
Felix Hao 6 years ago committed by GitHub
parent e39351d0d1
commit d23ca7df4f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      pkg/net/http/blademaster/context.go

6
pkg/net/http/blademaster/context.go
Unescape View File

@ -5,6 +5,7 @@ import (
"math" "math"
"net/http" "net/http"
"strconv" "strconv"
"text/template"
"github.com/bilibili/kratos/pkg/ecode" "github.com/bilibili/kratos/pkg/ecode"
"github.com/bilibili/kratos/pkg/net/http/blademaster/binding" "github.com/bilibili/kratos/pkg/net/http/blademaster/binding"
@ -144,9 +145,8 @@ func (c *Context) Render(code int, r render.Render) {
} }
params := c.Request.Form params := c.Request.Form
cb := template.JSEscapeString(params.Get("callback"))
cb := params.Get("callback") jsonp := cb != ""
jsonp := cb != "" && params.Get("jsonp") == "jsonp"
if jsonp { if jsonp {
c.Writer.Write([]byte(cb)) c.Writer.Write([]byte(cb))
c.Writer.Write(_openParen) c.Writer.Write(_openParen)

Write Preview
Loading…
Cancel
Save