| author | David Mehren | 2021-05-09 15:35:06 +0200 |
|---|---|---|
| committer | David Mehren | 2021-05-09 19:28:44 +0200 |
| commit | f552b14e11761a73237b3b3834827dde151b8b28 (patch) | |
| tree | 6cdaafc4fd26b6e3530468ea5e5a0657b74cbeb2 /public/views/hackmd/body.ejs | |
| parent | 4a0216096a6aa1ebba9d8b0ada067c73ffa1513f (diff) | |
Sanitize username and photo URL
HedgeDoc displays the username and user photo at various places
by rendering the respective variables into an `ejs` template.
As the values are user-provided or generated from user-provided data,
it may be possible to inject unwanted HTML.
This commit sanitizes the username and photo URL by passing them
through the `xss` library.
Co-authored-by: Christoph (Sheogorath) Kern <sheogorath@shivering-isles.com>
Signed-off-by: David Mehren <git@herrmehren.de>
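The injection the commit message describes, as an added example that is not HedgeDoc's code and does not use the `xss` package the commit itself relies on: a template that interpolates the username and photo URL unescaped (the `<%- %>` style of `ejs`) next to a hardened version that HTML-escapes the name and restricts the photo URL to http(s) or a site-relative path before interpolating it into `src`. The markup, the attacker payloads and the default-avatar fallback path are all constructed for the example.

```javascript
// Added example (not HedgeDoc code): user-controlled username / photo URL
// rendered into HTML, "before" (unescaped) and "after" (sanitized).

// Escape the characters that can break out of text content or a
// double-quoted attribute value. '&' must be replaced first.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Assumed fallback avatar path used when the supplied URL is rejected.
const FALLBACK_PHOTO = '/images/default-avatar.png';

// Accept only a site-relative path or an absolute http(s) URL, so a
// "javascript:" or "data:" scheme (or attribute-breakout text) never
// lands in an <img src>. Everything else maps to the fallback.
function safePhotoUrl(value) {
  const s = String(value).trim();
  if (s.startsWith('/') && !s.startsWith('//')) return s;
  try {
    const u = new URL(s); // throws for relative or scheme-less input
    if (u.protocol === 'http:' || u.protocol === 'https:') return u.href;
  } catch (_) {
    // not a parseable absolute URL; fall through to the fallback
  }
  return FALLBACK_PHOTO;
}

// "Before": mimics an ejs template using <%- user.photo %> / <%- user.name %>,
// i.e. raw interpolation of user-provided values.
function renderProfileUnsafe(user) {
  return `<img class="avatar" src="${user.photo}"><span>${user.name}</span>`;
}

// "After": constrain the URL, then escape both values before interpolating.
function renderProfileSafe(user) {
  return `<img class="avatar" src="${escapeHtml(safePhotoUrl(user.photo))}">` +
         `<span>${escapeHtml(user.name)}</span>`;
}

// Constructed attacker-controlled profile (not real data): the name carries
// an HTML tag, the photo URL breaks out of the src attribute.
const evilUser = {
  name: '<img src=x onerror=alert(1)>',
  photo: '" onerror="alert(document.cookie)',
};
```

Running `renderProfileUnsafe(evilUser)` yields markup with a live `onerror` handler and a second `<img>` tag; `renderProfileSafe(evilUser)` yields the fallback avatar and the name as inert text. The scheme allowlist matters independently of escaping: `javascript:alert(1)` is a perfectly well-formed attribute value that escaping alone would pass through.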