summaryrefslogtreecommitdiff
path: root/lib/web/auth/index.js
diff options
context:
space:
mode:
authorDavid Mehren2021-05-09 15:35:06 +0200
committerDavid Mehren2021-05-09 19:28:44 +0200
commitf552b14e11761a73237b3b3834827dde151b8b28 (patch)
tree6cdaafc4fd26b6e3530468ea5e5a0657b74cbeb2 /lib/web/auth/index.js
parent4a0216096a6aa1ebba9d8b0ada067c73ffa1513f (diff)
Sanitize username and photo URL
HedgeDoc displays the username and user photo at various places by rendering the respective variables into an `ejs` template. As the values are user-provided or generated from user-provided data, it may be possible to inject unwanted HTML. This commit sanitizes the username and photo URL by passing them through the `xss` library. Co-authored-by: Christoph (Sheogorath) Kern <sheogorath@shivering-isles.com> Signed-off-by: David Mehren <git@herrmehren.de>
Diffstat (limited to 'lib/web/auth/index.js')
0 files changed, 0 insertions, 0 deletions