disallow newlines in urls

This commit is contained in:
neri 2021-09-10 01:45:12 +02:00
parent 32e411a4d5
commit b91ef4ab80
1 changed files with 1 additions and 1 deletions

View File

@ -88,7 +88,7 @@ async fn build_text_response(path: &Path) -> Result<HttpResponse, Error> {
error::ErrorInternalServerError("this file should be here but could not be found") error::ErrorInternalServerError("this file should be here but could not be found")
})?; })?;
let encoded = htmlescape::encode_minimal(&content); let encoded = htmlescape::encode_minimal(&content);
let html = if Url::from_str(&content).is_ok() { let html = if !content.contains(&['\n', '\r'][..]) && Url::from_str(&content).is_ok() {
let attribute_encoded = htmlescape::encode_attribute(&content); let attribute_encoded = htmlescape::encode_attribute(&content);
URL_VIEW_HTML URL_VIEW_HTML
.replace("{link_content}", &encoded) .replace("{link_content}", &encoded)