Plexus/Module-HTTPD
1
0
Fork 0
mirror of https://github.com/plexusorg/Module-HTTPD.git synced 2024-11-23 20:25:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

improve sanitization

Browse Source
This commit is contained in:
ayunami2000 2022-04-17 20:23:23 -04:00
parent 1802d91fad
commit 6e79310ef8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/dev/plex/request/impl/SchematicDownloadEndpoint.java
View File

@ -95,7 +95,7 @@ public class SchematicDownloadEndpoint extends AbstractServlet
Arrays.sort(alphabetical);
for (File worldeditFile : alphabetical)
{
String sanitizedName = worldeditFile.getName().replaceAll("<[^>]*>", "");
String sanitizedName = worldeditFile.getName().replaceAll("<","&lt;").replaceAll(">","&gt;");
sb.append("<tr>" +
"<th scope=\"row\"><a href=\"" + worldeditFile.getName() + "\" download>" + sanitizedName + "</a></th>" +
"<td>" + formattedSize(worldeditFile.length()) + "</td>" +