lbsadmin/Beego
1
0
Fork 0
mirror of https://github.com/astaxie/beego.git synced 2025-06-20 20:30:19 +00:00
Code Issues Releases Activity

Merge pull request from chenpeiyuan/develop

Browse Source 
do html escape before display path, avoid xss
This commit is contained in:
astaxie
2018-07-20 15:33:12 +08:00
committed by GitHub
parent 96dffcd27f 47c1072b78
commit eb4e0e4030
1 changed files with 12 additions and 0 deletions

12
admin.go

@ -76,6 +76,18 @@ func adminIndex(rw http.ResponseWriter, r *http.Request) {
func qpsIndex(rw http.ResponseWriter, r *http.Request) {
data := make(map[interface{}]interface{})
data["Content"] = toolbox.StatisticsMap.GetMap()
// do html escape before display path, avoid xss
if content, ok := (data["Content"]).(map[string]interface{}); ok {
if resultLists, ok := (content["Data"]).([][]string); ok {
for i := range resultLists {
if len(resultLists[i]) > 0 {
resultLists[i][0] = template.HTMLEscapeString(resultLists[i][0])
}
}
}
}
execTpl(rw, data, qpsTpl, defaultScriptsTpl)
}