fixes #1075 - XSS in "Active Devices" Panel of Admin Dashboard

pull/702/head
Luke 9 years ago
parent da5fc95612
commit 9c3119808b

@ -175,11 +175,22 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security
if (param.Length == 2)
{
result.Add(param[0], param[1].Trim(new[] { '"' }));
var value = NormalizeValue (param[1].Trim(new[] { '"' }));
result.Add(param[0], value);
}
}
return result;
}
private string NormalizeValue(string value)
{
if (string.IsNullOrWhiteSpace (value))
{
return value;
}
return System.Net.WebUtility.HtmlEncode(value);
}
}
}
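Review bot: NormalizeValue HTML-encodes every value parsed from the header at input time, so the dictionary no longer holds what the client actually sent. If it also carries non-display fields such as a token or device id (not visible in this hunk), a value containing `&`, `<` or `'` would be altered before any comparison or lookup, and any consumer that already encodes on output will now double-encode. Encoding where the dashboard writes the device name into HTML would also cover values that reach the panel by other routes. If parse-time encoding stays, document the contract above NormalizeValue, e.g. `// Values are HTML-encoded here; callers must not encode again or compare them with raw client input.` The enclosing parse method starts outside the hunk.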
