mirror of
https://codeberg.org/ashley/poke.git
synced 2024-12-24 04:08:05 +01:00
fix the XSS in user pages
parent
75e4e37789
commit
d7ef10b65e
1 changed files with 11 additions and 4 deletions
|
@ -104,10 +104,17 @@ app.get("/account-create", async function (req, res) {
|
|||
}
|
||||
});
|
||||
|
||||
app.get("/my-acc", async function (req, res) {
|
||||
var userid = req.query.ID
|
||||
var userSubs = db.get(`user.${userid}.subs`)
|
||||
renderTemplate(res, req, "account-me.ejs", { userid, userSubs });
|
||||
app.get("/my-acc", async function (req, res) {
|
||||
var userid = req.query.ID;
|
||||
|
||||
// Check if userid is more than 6 characters
|
||||
if (userid.length > 6) {
|
||||
return res.status(400).json({ error: "IDs can be 6 characters max" });
|
||||
}
|
||||
|
||||
var userSubs = db.get(`user.${userid}.subs`);
|
||||
|
||||
renderTemplate(res, req, "account-me.ejs", { userid, userSubs });
|
||||
});
|
||||
|
||||
};
|
||||
|
|
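Review bot: The new guard `if (userid.length > 6)` in the `/my-acc` handler assumes `req.query.ID` is a string, but Express can hand back `undefined` (the `.length` read then throws inside the async handler) or an array or object, whose `.length` does not bound the text that is later interpolated into the key and passed to the template. A length cap also only limits markup rather than removing it, so the XSS fix should rest on escaped output in `account-me.ejs` (`<%= %>` rather than `<%- %>`; the template is not visible here, so confirm). I would validate type and alphabet together, for example `if (typeof userid !== "string" || !/^[A-Za-z0-9]{1,6}$/.test(userid)) {`, adjusting the character class to the real ID format. The same allowlist would keep dots out of `user.${userid}.subs`, which presumably is a dot-path key.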