fix for xss issue

2016-08-17 20:55:23 +03:00
parent 6c4ccf7a6d
commit 11f1263a62
21 changed files with 529 additions and 531 deletions
--- a/src/main/template/status_code.handlebars
+++ b/src/main/template/status_code.handlebars
@@ -1,5 +1,5 @@
-<td width='15%' class='code'>{{code}}</td>
-<td class="markdown">{{{message}}}</td>
+<td width='15%' class='code'>{{{escape code}}}</td>
+<td class="markdown">{{{escape message}}}</td>
 <td width='50%'><span class="model-signature" /></td>
 <td class="headers">
  <table>
@@ -7,8 +7,8 @@
      {{#each headers}}
      <tr>
        <td>{{@key}}</td>
-        <td>{{this.description}}</td>
-        <td>{{this.type}}</td>
+        <td>{{{sanitize this.description}}}</td>
+        <td>{{{escape this.type}}}</td>
      </tr>
      {{/each}}
    </tbody>