From 2dd067170b49ab967e6e5896c4bc9ef694fd0438 Mon Sep 17 00:00:00 2001
From: hunterale <hunterale>
Date: Sun, 17 Jan 2021 17:56:43 +0100
Subject: [PATCH] escaping of dangerous characters to prevent reflected xss

---
 server/src/main/resources/web/fileNotSupported.ftl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server/src/main/resources/web/fileNotSupported.ftl b/server/src/main/resources/web/fileNotSupported.ftl
index 5276c9e3a..5f755d6fe 100644
--- a/server/src/main/resources/web/fileNotSupported.ftl
+++ b/server/src/main/resources/web/fileNotSupported.ftl
@@ -32,7 +32,8 @@
 <div class="container">
     <img src="images/sorry.jpg" />
     <span>
-        该文件类型(${file.suffix})系统暂时不支持在线预览，<b>说明</b>：
+    该文件类型(${file.suffix?html})系统暂时不支持在线预览，<b>说明</b>：      
+    
         <p style="color: red;">${msg}</p>
         有任何疑问，请加&nbsp;<a href="https://jq.qq.com/?_wv=1027&k=5c0UAtu">官方QQ群：613025121</a>&nbsp;咨询
     </span>