HtmlEncode Raw URL in HtmlFormat snapshot

mythz committed Aug 17, 2018
1 parent 2c6fbe4 commit a0e0d7de20f5d1712f1793f925496def4383c610
Showing with 3 additions and 2 deletions.
  1. +3 −2 src/ServiceStack/Formats/HtmlFormat.cs
@@ -90,12 +90,13 @@ public async Task SerializeToStreamAsync(IRequest req, object response, Stream o
{
// Serialize then escape any potential script tags to avoid XSS when displaying as HTML
var json = JsonDataContractSerializer.Instance.SerializeToString(dto) ?? "null";
json = json.Replace("<", "&lt;").Replace(">", "&gt;");
json = json.HtmlEncode();

var url = req.ResolveAbsoluteUrl()
.Replace("format=html", "")
.Replace("format=shtm", "")
.TrimEnd('?', '&');
.TrimEnd('?', '&')
.HtmlEncode();

url += url.Contains("?") ? "&" : "?";
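Review bot: the `url += url.Contains("?") ? "&" : "?";` line appends a raw `&` to a string that the new `.HtmlEncode()` call has just encoded, so the final URL mixes an encoded body (where any existing `&` has become `&amp;`) with an unencoded separator; for a value that ends up in an HTML attribute, either append `"&amp;"` here or move the separator logic before `.HtmlEncode()` so the whole string is encoded once. The switch from `Replace("<", "&lt;").Replace(">", "&gt;")` to `json.HtmlEncode()` is the right direction, since it also covers `&`, `"` and `'`, which the manual replace left untouched, and the same reasoning is why the URL now needs encoding before it is emitted into markup. Also worth noting that the `.Replace("format=html", "")` / `.Replace("format=shtm", "")` calls can leave `?&` or `&&` in the middle of the query string when the removed parameter was not the last one, which `.TrimEnd('?', '&')` only cleans up at the end.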
