vweb: more xss fixes

2023-08-10 21:13:21 +03:00 · 2020-06-24 22:38:25 +02:00 · 2020-06-24 22:38:25 +02:00 · bb5793d485
commit bb5793d485
parent 83b300435a
1 changed files with 6 additions and 1 deletions
--- a/vlib/vweb/vweb.v
+++ b/vlib/vweb/vweb.v
@ -413,7 +413,12 @@ pub fn not_found() Result {
 }

 fn filter(s string) string {
-	return s.replace('<', '&lt;')
+	return s.replace_each([
+		'<', '&lt;',
+		'"', '&quot;',
+		'&',  '&amp;',
+	])
+
 }

 pub type RawHtml = string