projects / oweals / uhttpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d3b9560) | patch
file: escape strings in HTML output
authorJo-Philipp Wich <jo@mein.io>
Wed, 4 Apr 2018 14:58:11 +0000 (16:58 +0200)
committerJo-Philipp Wich <jo@mein.io>
Wed, 4 Apr 2018 15:17:43 +0000 (17:17 +0200)
commit8109b957b668a90d4a9b00f1e9db3d8d7e491bf3
tree89e4696334a6b8dae88a5dbc0cb6c89d4b801222tree | snapshot
parentd3b95607a7f0961038674c7651a50215a0eb2db1commit | diff
file: escape strings in HTML output

Escape untrusted input like the request URL or filesystem paths in HTML
outputs such as the directory listing or 404 error messages.

This fixes certain XSS vulnerabilities which can be leveraged to further
exploit the system.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
file.c diff | blob | history
utils.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.