Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Prevent injection vulnerability in image page #12679
This is taking up nox' suggestion from #12542 and creates an img element using Rust code instead of escaping the URL. I will look at the neterror.html URL strings separately, we might do those in a similar way.
To reproduce, visit e.g. the following URL with your vulnerable Servo: