Plexus-Mirror/Module-HTTPD
1
0
Fork 0
mirror of https://github.com/plexusorg/Module-HTTPD.git synced 2024-12-22 07:55:01 +00:00
Code Issues Projects Releases Wiki Activity

improve sanitization

Browse source
This commit is contained in:
ayunami2000 2022-04-17 20:23:23 -04:00
parent 1802d91fad
commit 6e79310ef8
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/main/java/dev/plex/request/impl/SchematicDownloadEndpoint.java
View file

@ -95,7 +95,7 @@ public class SchematicDownloadEndpoint extends AbstractServlet
Arrays.sort(alphabetical);
for (File worldeditFile : alphabetical)
{
String sanitizedName = worldeditFile.getName().replaceAll("<[^>]*>", "");
String sanitizedName = worldeditFile.getName().replaceAll("<","&lt;").replaceAll(">","&gt;");
sb.append("<tr>" +
"<th scope=\"row\"><a href=\"" + worldeditFile.getName() + "\" download>" + sanitizedName + "</a></th>" +
"<td>" + formattedSize(worldeditFile.length()) + "</td>" +