Merge pull request #1432 from sinatra/fix-1428
escape invalid query params, fixes #1428
namusyaka committed May 31, 2018
2 parents 5149dc9 + 1278686 commit 3742bdd
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/sinatra/base.rb
Expand Up @@ -78,7 +78,7 @@ def unlink?
def params
super
rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
raise BadRequest, "Invalid query parameters: #{e.message}"
raise BadRequest, "Invalid query parameters: #{Rack::Utils.escape_html(e.message)}"
end

private
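
Review bot: The escaping on the new `raise BadRequest` line in `params` is applied when the exception message is built, not where it is rendered, so every consumer of that message (log output, a JSON or plain-text error handler) now receives HTML entities instead of the original Rack error text, and an HTML handler that escapes on output will double-escape it. Consider keeping the raw `e.message` on the exception and calling `Rack::Utils.escape_html` in the code that writes the HTML response body, or at least add a comment on `params` stating that the `BadRequest` message is already HTML-escaped. The commit changes only `lib/sinatra/base.rb`; a spec that sends a malformed query string containing markup characters and asserts that the 400 body carries the escaped form would keep this from regressing.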