about summary refs log tree commit diff
path: root/web/panettone/src/util.lisp
diff options
context:
space:
mode:
authorsterni <sternenseemann@systemli.org>2021-01-15T13·39+0100
committersterni <sternenseemann@systemli.org>2021-01-25T20·11+0000
commit7e408c874ac9b84f62bd48a3a6f2b57bae866d29 (patch)
tree434ff06a5e7a07bf4e8a892979df1f135e80b223 /web/panettone/src/util.lisp
parent71946b84b8a9ffba3a9fa627f34e5dbabec50b4b (diff)
fix(panettone): escape value attr of inputs if dynamic content r/2143
I checked all :value attributes in panettone.lisp and wrapped them with
who:escape-string if its value comes from user-influenced places. Static
values or values from panettone internals are left as is.

I did not do a comprehensive check for other places where something
similar could happen though.

Fixes #92.

Change-Id: I134acc0d2f025f173588b37c19a93589365e879b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2401
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Diffstat (limited to 'web/panettone/src/util.lisp')
0 files changed, 0 insertions, 0 deletions