From bb5793d485698b8d414fb7be96ed3639b21db83e Mon Sep 17 00:00:00 2001
From: Alexander Medvednikov
Date: Wed, 24 Jun 2020 22:38:25 +0200
Subject: [PATCH] vweb: more xss fixes
---
 vlib/vweb/vweb.v | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/vlib/vweb/vweb.v b/vlib/vweb/vweb.v
index 416c274d81..657a35e4bf 100644
--- a/vlib/vweb/vweb.v
+++ b/vlib/vweb/vweb.v
@@ -413,7 +413,12 @@ pub fn not_found() Result {
 }
 fn filter(s string) string {
- return s.replace('<', '<')
+ return s.replace_each([
+ '<', '<',
+ '"', '"',
+ '&', '&',
+ ])
+
 }
 pub type RawHtml = string
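Review bot: The pair list passed to `replace_each` in `filter` escapes `<`, `"` and `&` but leaves `'` and `>` untouched, so a value rendered inside a single-quoted attribute is still not neutralised. Adding `"'", '&#39;',` and `'>', '&gt;',` to the list would close that gap. As rendered on this page each replacement looks identical to its search string (`'<', '<'`), presumably because the entities were decoded in extraction; the committed file should be checked to confirm the right-hand values are `&lt;`, `&quot;` and `&amp;`. With `&` listed last, the output is only correct if `replace_each` scans the input in a single pass rather than applying the pairs one after another, so a one-line comment stating that assumption would help, as would dropping the stray blank line added before the closing `}`.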