disallow newlines in urls

This commit is contained in:
neri 2021-09-10 01:45:12 +02:00
parent 77d00caccc
commit 4396bb1b56
1 changed files with 1 additions and 1 deletions

View File

@ -88,7 +88,7 @@ async fn build_text_response(path: &Path) -> Result<HttpResponse, Error> {
error::ErrorInternalServerError("this file should be here but could not be found")
})?;
let encoded = htmlescape::encode_minimal(&content);
let html = if Url::from_str(&content).is_ok() {
let html = if !content.contains(&['\n', '\r'][..]) && Url::from_str(&content).is_ok() {
let attribute_encoded = htmlescape::encode_attribute(&content);
URL_VIEW_HTML
.replace("{link_content}", &encoded)