Escape error page content

Credit to Kenneth F. Belva (https://twitter.com/infosecmaverick) https://hackerone.com/reports/3317
OkCupid · May 2, 2014 · e9bedb6 · e9bedb6
1 parent b085818
commit e9bedb6
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/libahttp/err.C b/libahttp/err.C
@@ -25,13 +25,14 @@
 
 #include "resp.h"
 #include "ahttp.h"
+#include "pescape.h"
 
 strbuf
 http_error_t::make_body (int n, const str &si, const str &aux)
 {
   strbuf b;
   str ldesc;
-  const str sdesc = http_status.get_desc (n, &ldesc);
+  const str sdesc = xss_escape (http_status.get_desc (n, &ldesc));
   b << "<html>\n"
     << " <head>\n"
     << "  <title>" << n << " " << sdesc << "</title>\n"
@@ -40,11 +41,11 @@ http_error_t::make_body (int n, const str &si, const str &aux)
     << " <h1>Error " << n << " " << sdesc << "</h1><br><br>\n"
     ;
   if (n == HTTP_NOT_FOUND && aux) {
-    b << "The file <tt>" << aux 
+    b << "The file <tt>" << xss_escape (aux)
       << "</tt> was not found on this server.<br><br>\n\n";
   }
   b << "  <hr>\n"
-    << "  <i>" << si << "</i>\n"
+    << "  <i>" << xss_escape (si) << "</i>\n"
     << " <br>\n"
     << " </body>\n"
     << "</html>\n"