Plexus/Module-HTTPD
1
0
Fork 0
mirror of https://github.com/plexusorg/Module-HTTPD.git synced 2024-11-24 04:35:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

improve sanitization

Browse Source
This commit is contained in:
ayunami2000 2022-04-17 20:23:23 -04:00
parent 1802d91fad
commit 6e79310ef8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/dev/plex/request/impl/SchematicDownloadEndpoint.java
View File

@ -95,7 +95,7 @@ public class SchematicDownloadEndpoint extends AbstractServlet
Arrays.sort(alphabetical); Arrays.sort(alphabetical);
for (File worldeditFile : alphabetical) for (File worldeditFile : alphabetical)
{ {
String sanitizedName = worldeditFile.getName().replaceAll("<[^>]*>", ""); String sanitizedName = worldeditFile.getName().replaceAll("<","&lt;").replaceAll(">","&gt;");
sb.append("<tr>" + sb.append("<tr>" +
"<th scope=\"row\"><a href=\"" + worldeditFile.getName() + "\" download>" + sanitizedName + "</a></th>" + "<th scope=\"row\"><a href=\"" + worldeditFile.getName() + "\" download>" + sanitizedName + "</a></th>" +
"<td>" + formattedSize(worldeditFile.length()) + "</td>" + "<td>" + formattedSize(worldeditFile.length()) + "</td>" +