Skip to content
Permalink
Browse files

Escape error page content

  • Loading branch information...
Sidney San Martín
Sidney San Martín committed May 2, 2014
1 parent b085818 commit e9bedb644d106a043e33e1058bedd1c2c0b2e2e0
Showing with 4 additions and 3 deletions.
  1. +4 −3 libahttp/err.C
@@ -25,13 +25,14 @@

#include "resp.h"
#include "ahttp.h"
#include "pescape.h"

strbuf
http_error_t::make_body (int n, const str &si, const str &aux)
{
strbuf b;
str ldesc;
const str sdesc = http_status.get_desc (n, &ldesc);
const str sdesc = xss_escape (http_status.get_desc (n, &ldesc));
b << "<html>\n"
<< " <head>\n"
<< " <title>" << n << " " << sdesc << "</title>\n"
@@ -40,11 +41,11 @@ http_error_t::make_body (int n, const str &si, const str &aux)
<< " <h1>Error " << n << " " << sdesc << "</h1><br><br>\n"
;
if (n == HTTP_NOT_FOUND && aux) {
b << "The file <tt>" << aux
b << "The file <tt>" << xss_escape (aux)
<< "</tt> was not found on this server.<br><br>\n\n";
}
b << " <hr>\n"
<< " <i>" << si << "</i>\n"
<< " <i>" << xss_escape (si) << "</i>\n"
<< " <br>\n"
<< " </body>\n"
<< "</html>\n"

0 comments on commit e9bedb6

Please sign in to comment.
You can’t perform that action at this time.