Skip to content

B
beego
Commit 47c1072b authored by 陈培远's avatar 陈培远
Browse files
Options

do html escape before display path, avoid xss

parent e81f1e53
Hide whitespace changes
Inline Side-by-side
Showing with 12 additions and 0 deletions
admin.go
View file @ 47c1072b
...@@ -76,6 +76,18 @@ func adminIndex(rw http.ResponseWriter, r *http.Request) { ...@@ -76,6 +76,18 @@ func adminIndex(rw http.ResponseWriter, r *http.Request) {
func qpsIndex(rw http.ResponseWriter, r *http.Request) { func qpsIndex(rw http.ResponseWriter, r *http.Request) {
data := make(map[interface{}]interface{}) data := make(map[interface{}]interface{})
data["Content"] = toolbox.StatisticsMap.GetMap() data["Content"] = toolbox.StatisticsMap.GetMap()
// do html escape before display path, avoid xss
if content, ok := (data["Content"]).(map[string]interface{}); ok {
if resultLists, ok := (content["Data"]).([][]string); ok {
for i := range resultLists {
if len(resultLists[i]) > 0 {
resultLists[i][0] = template.HTMLEscapeString(resultLists[i][0])
}
}
}
}
execTpl(rw, data, qpsTpl, defaultScriptsTpl) execTpl(rw, data, qpsTpl, defaultScriptsTpl)
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment