improve sanitization

ayunami2000 2022-04-17 20:23:23 -04:00
parent 1802d91fad
commit 6e79310ef8


@ -95,7 +95,7 @@ public class SchematicDownloadEndpoint extends AbstractServlet
Arrays.sort(alphabetical); Arrays.sort(alphabetical);
for (File worldeditFile : alphabetical) for (File worldeditFile : alphabetical)
{ {
String sanitizedName = worldeditFile.getName().replaceAll("<[^>]*>", ""); String sanitizedName = worldeditFile.getName().replaceAll("<","&lt;").replaceAll(">","&gt;");
sb.append("<tr>" + sb.append("<tr>" +
"<th scope=\"row\"><a href=\"" + worldeditFile.getName() + "\" download>" + sanitizedName + "</a></th>" + "<th scope=\"row\"><a href=\"" + worldeditFile.getName() + "\" download>" + sanitizedName + "</a></th>" +
"<td>" + formattedSize(worldeditFile.length()) + "</td>" + "<td>" + formattedSize(worldeditFile.length()) + "</td>" +
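Review bot: The `href` attribute on the `<a>` line still concatenates the raw `worldeditFile.getName()`, so the new escaping only protects the link text. A file name containing `"` would close the attribute early and be parsed as markup. The replacement on the `sanitizedName` line also leaves `&` and quote characters unescaped, and `replaceAll` compiles a regex where plain `replace` is enough. I would escape `&` first and then the rest, e.g. `.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;")`, and build the `href` from a percent-encoded, attribute-escaped copy of the name rather than the raw value. The `sb.append(...)` statement and the enclosing loop continue past the end of the hunk, so any other use of the name further down is not visible here.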