fix: reflected XSS vulnerability plist api

2025-04-22 21:04:07 +08:00 · 2023-11-24 16:46:48 +08:00 · 2023-11-24 16:46:48 +08:00 · 6100647310
commit 6100647310
parent 34746e951c
1 changed files with 2 additions and 0 deletions
--- a/server/handles/helper.go
+++ b/server/handles/helper.go
@ -45,6 +45,8 @@ func Plist(c *gin.Context) {
 	}
 	fullName := c.Param("name")
 	Url := link.String()
+	Url = strings.ReplaceAll(Url, "<", "[")
+	Url = strings.ReplaceAll(Url, ">", "]")
 	nameEncode := linkNameSplit[1]
 	fullName, err = url.PathUnescape(nameEncode)
 	if err != nil {