search

namecoin / ncdns

:globe_with_meridians: Namecoin to DNS bridge daemon
https://www.namecoin.org/
GNU General Public License v3.0
137 stars 41 forks source link

Escaping HTML #53

Open JeremyRand opened 7 years ago

JeremyRand commented 7 years ago

The code at https://github.com/namecoin/ncdns/blob/09a88dc989df29910e368d9e7385bdaaeb82049f/server/web.go#L93 doesn't seem to be escaping HTML. Or at least, I can't convince myself by looking at the code that it's properly escaping HTML, and the gas static analysis tool can't convince itself of this either.

JeremyRand commented 7 years ago

@hlandau any chance you could improve this?