HtmlEncode Raw URL in HtmlFormat snapshot
mythz committed Aug 17, 2018
1 parent 2c6fbe4 commit a0e0d7d
Showing 1 changed file with 3 additions and 2 deletions.
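--- a/src/ServiceStack/Formats/HtmlFormat.cs
+++ b/src/ServiceStack/Formats/HtmlFormat.cs
@@ -90,12 +90,13 @@ public async Task SerializeToStreamAsync(IRequest req, object response, Stream o
 {
 // Serialize then escape any potential script tags to avoid XSS when displaying as HTML
 var json = JsonDataContractSerializer.Instance.SerializeToString(dto) ?? "null";
-json = json.Replace("<", "&lt;").Replace(">", "&gt;");
+json = json.HtmlEncode();
 
 var url = req.ResolveAbsoluteUrl()
 .Replace("format=html", "")
 .Replace("format=shtm", "")
-.TrimEnd('?', '&');
+.TrimEnd('?', '&')
+.HtmlEncode();
 
 url += url.Contains("?") ? "&" : "?";
 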
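Review bot: The query separator appended right after the new `.HtmlEncode()` call (`url += url.Contains("?") ? "&" : "?";`) is added to an already-encoded string, so whatever the helper does to `&` (presumably `&amp;`, if it wraps WebUtility.HtmlEncode — I cannot see its definition) is not applied to the `&` the code appends itself, and `url` is no longer uniformly encoded. Encoding belongs at the point the value is inserted into the HTML, not mid-construction: drop `.HtmlEncode()` from the chain, keep `url` raw while the separator and any further query parameters are appended, and encode once where `url` is written into the template — that site is outside the hunk, so if it is a `<script>` block or an inline event handler rather than an attribute or text node, HTML encoding is the wrong escape and a JS-string/URL encoder is needed instead. The same context caveat applies to `json = json.HtmlEncode();`: it is correct for a `<pre>`/text context and closes the gap the old `Replace("<", "&lt;")` left for `&`, but if the template later parses the value back as JSON the added `&quot;`/`&#39;` entities will break it, whereas the old form kept the JSON intact. Pre-existing rather than introduced here: `.Replace("format=html", "")` leaves `&&` or `?&` when that parameter is not last in the query string, and `ResolveAbsoluteUrl()` returning null would throw on `.Replace`. SerializeToStreamAsync starts above and continues below the hunk.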
