Update lib/rack/directory.rb

fix XSS
snyff committed Feb 20, 2013
1 parent dd2d7d5 commit 66b41c8394569e87b85122d7b2cdf194017b82c3
Showing with 1 addition and 1 deletion.
  1. +1 −1 lib/rack/directory.rb
@@ -127,7 +127,7 @@ def list_path
end
def entity_not_found
- body = "Entity not found: #{@path_info}\n"
+ body = "Entity not found: #{Utils.escape_html(@path_info)}\n"
size = Rack::Utils.bytesize(body)
return [404, {"Content-Type" => "text/plain",
"Content-Length" => size.to_s,
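
Review bot: The escaped body in entity_not_found is still returned with "Content-Type" => "text/plain", so the commit message "fix XSS" should say that the escaping is aimed at clients that ignore the declared type and sniff the body as HTML; for clients that honour text/plain, the 404 text will now show entities such as &lt; literally. The new line also calls Utils.escape_html unqualified while the next line uses Rack::Utils.bytesize, so pick one form for consistency. The commit touches only lib/rack/directory.rb; a test that requests a path containing markup and asserts the escaped body would keep this from regressing.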
