mirror of
https://codeberg.org/ashley/poke.git
synced 2024-11-10 08:18:29 +01:00
fix the XSS in user pages
This commit is contained in:
parent
75e4e37789
commit
d7ef10b65e
1 changed files with 11 additions and 4 deletions
|
@ -104,10 +104,17 @@ app.get("/account-create", async function (req, res) {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
app.get("/my-acc", async function (req, res) {
|
app.get("/my-acc", async function (req, res) {
|
||||||
var userid = req.query.ID
|
var userid = req.query.ID;
|
||||||
var userSubs = db.get(`user.${userid}.subs`)
|
|
||||||
renderTemplate(res, req, "account-me.ejs", { userid, userSubs });
|
|
||||||
|
|
||||||
|
// Check if userid is more than 6 characters
|
||||||
|
if (userid.length > 6) {
|
||||||
|
return res.status(400).json({ error: "IDs can be 6 characters max" });
|
||||||
|
}
|
||||||
|
|
||||||
|
var userSubs = db.get(`user.${userid}.subs`);
|
||||||
|
|
||||||
|
renderTemplate(res, req, "account-me.ejs", { userid, userSubs });
|
||||||
});
|
});
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue