Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-07-24 07:49:41 +02:00
Code Issues Releases Activity

fix(custom-templates): XSS issue in Custom Template Note <EE-1054> (#5766)

Browse source 
fix(custom-templates): XSS issue in Custom Template Note <EE-1054> (#5766)
This commit is contained in:
Marcelo Rydel 2021-09-29 16:47:39 -03:00 committed by GitHub
parent fe8f50512c
commit fce885901f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 40 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

3
api/http/handler/customtemplates/customtemplate_update.go
View file

@ -51,6 +51,9 @@ func (payload *customTemplateUpdatePayload) Validate(r *http.Request) error {
if govalidator.IsNull(payload.Description) {
return errors.New("Invalid custom template description")
}
if !isValidNote(payload.Note) {
return errors.New("Invalid note. <img> tag is not supported")
}
return nil
}