fix the XSS in user pages

ashley 2024-05-11 02:33:43 +00:00
parent 75e4e37789
commit d7ef10b65e


@ -104,10 +104,17 @@ app.get("/account-create", async function (req, res) {
} }
}); });
app.get("/my-acc", async function (req, res) { app.get("/my-acc", async function (req, res) {
var userid = req.query.ID var userid = req.query.ID;
var userSubs = db.get(`user.${userid}.subs`)
renderTemplate(res, req, "account-me.ejs", { userid, userSubs });
// Check if userid is more than 6 characters
if (userid.length > 6) {
return res.status(400).json({ error: "IDs can be 6 characters max" });
}
var userSubs = db.get(`user.${userid}.subs`);
renderTemplate(res, req, "account-me.ejs", { userid, userSubs });
}); });
}; };
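Review bot: The new guard in the `/my-acc` handler tests only `userid.length > 6`, which neither confirms that `req.query.ID` is a string nor restricts which characters it may hold. A request without `ID` makes `userid.length` throw, and with Express's default query parser the parameter can arrive as an array or object, for which `.length` is not a character count, so the value can still reach `db.get` and the template unvalidated. I would replace the condition with a type-and-format allowlist such as `if (typeof userid !== "string" || !/^[A-Za-z0-9]{1,6}$/.test(userid)) {`, adjusting the character class to the real ID format, which is not visible in this hunk. That also keeps dots and other separators out of the `user.${userid}.subs` key. A length cap is no substitute for output encoding: `account-me.ejs` is outside this diff, but it should emit `userid` with the escaping tag `<%= %>` rather than `<%- %>`.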