projects / oweals / uhttpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0bba1ce) | patch
cgi: escape url in 403 error output
authorJo-Philipp Wich <jo@mein.io>
Wed, 28 Nov 2018 11:36:35 +0000 (12:36 +0100)
committerJo-Philipp Wich <jo@mein.io>
Wed, 28 Nov 2018 11:36:35 +0000 (12:36 +0100)
commitcdfc902a4cb77bc538a729f9e1c8a8578454a0e5
tree22e20e398768b886c734e9891382b573367344c7tree | snapshot
parent0bba1ce1129e79fa3907b16b31da44670fa19fc5commit | diff
cgi: escape url in 403 error output

Escape the untrusted request URL input in the permission denied HTML output.

This fixes certain XSS vulnerabilities which can be leveraged to further
exploit the system.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
cgi.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.