From b1a8e1e5b2da8c196519f618c892049ed5f311a0 Mon Sep 17 00:00:00 2001
From: florin <30274513+cyclecraze@users.noreply.github.com>
Date: Sun, 30 Aug 2020 13:09:12 -0400
Subject: [PATCH] vweb: escape form key, not only value. (#6269)
---
 vlib/vweb/vweb.v | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/vlib/vweb/vweb.v b/vlib/vweb/vweb.v
index 8c5859db23..756d4c7907 100644
--- a/vlib/vweb/vweb.v
+++ b/vlib/vweb/vweb.v
@@ -494,7 +494,9 @@ fn (mut ctx Context) parse_form(s string) {
 }
 keyval := word.trim_space().split('=')
 if keyval.len != 2 { continue }
- key := keyval[0]
+ key := urllib.query_unescape(keyval[0]) or {
+ continue
+ }
 val := urllib.query_unescape(keyval[1]) or {
 continue
 }
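Review bot: The new `or { continue }` on the key silently drops any pair whose name has malformed percent-encoding, so a handler sees the field as absent rather than the request being rejected, and a filter in front of vweb that parses the same body more leniently could disagree about which fields exist. Decoding the name also means two raw spellings such as `a` and `%61` now resolve to the same key; which value wins depends on how the form map is filled after this hunk, which is not visible here. I would record both behaviours in a comment above the added lines, e.g. `// decoded after the split on '=', so an encoded '=' stays inside the name; a pair that fails to decode is skipped`, and add a test that submits a plain and an encoded spelling of the same name. parse_form starts before and continues past this hunk.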