fix: reflected XSS vulnerability plist api

AlistGo · Nov 24, 2023 · 6100647 · 6100647
1 parent 34746e9
commit 6100647
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/server/handles/helper.go b/server/handles/helper.go
@@ -45,6 +45,8 @@ func Plist(c *gin.Context) {
  }
  fullName := c.Param("name")
  Url := link.String()
+ Url = strings.ReplaceAll(Url, "<", "[")
+ Url = strings.ReplaceAll(Url, ">", "]")
  nameEncode := linkNameSplit[1]
  fullName, err = url.PathUnescape(nameEncode)
  if err != nil {