
WebServer: Escape HTML entities in path names in directory listings

I left a FIXME in here about implementing URL encoding.
Andreas Kling 2020-02-13 08:51:14 +01:00
parent 3e486f75ff
commit f767085eb6


@ -132,11 +132,11 @@ void Client::handle_directory_listing(const String& requested_path, const String
builder.append("<!DOCTYPE html>\n");
builder.append("<html>\n");
builder.append("<head><title>Index of ");
builder.append(requested_path);
builder.append(escape_html_entities(requested_path));
builder.append("</title></head>\n");
builder.append("<body>\n");
builder.append("<h1>Index of ");
builder.append(requested_path);
builder.append(escape_html_entities(requested_path));
builder.append("</h1>\n");
builder.append("<hr>\n");
builder.append("<pre>\n");
@ -145,9 +145,10 @@ void Client::handle_directory_listing(const String& requested_path, const String
while (dt.has_next()) {
auto name = dt.next_path();
builder.append("<a href=\"");
// FIXME: urlencode
builder.append(name);
builder.append("\">");
builder.append(name);
builder.append(escape_html_entities(name));
builder.append("</a>");
for (size_t i = 0; i < (40 - name.length()); ++i)
builder.append(' ');
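Review bot: The `href` value in the second hunk is still built from the raw `name` (the `builder.append(name);` right after `<a href="`), so a directory entry whose name contains a double quote or `&` ends or corrupts the attribute, and the listing stays open to markup injection even though the link text is now escaped. Until the FIXME is resolved, at least write `builder.append(escape_html_entities(name));` there; once URL encoding exists, apply it first and HTML-escape the result. Whether escape_html_entities also covers `"` is not visible on this page and should be confirmed. Separately, the padding loop `for (size_t i = 0; i < (40 - name.length()); ++i)` wraps around in unsigned arithmetic for names longer than 40 characters, so it should be guarded with `if (name.length() < 40)`. The while loop and the rest of handle_directory_listing continue outside the hunk.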