pkg-proxy/internal/server/templates/pages
Andrew Nesbitt 9e97a3316a
Escape user-controlled strings in browse source JavaScript
File paths from archive contents were interpolated directly into onclick
handlers and innerHTML via template literals. A crafted filename containing
quotes could break out of the string context and execute arbitrary JS.

Add an escapeHTML helper and use it on all interpolated path and URL values
in the browse source page.
2026-03-12 11:59:14 +00:00
browse_source.html Escape user-controlled strings in browse source JavaScript 2026-03-12 11:59:14 +00:00
compare_versions.html Refactoring and features 2026-02-03 22:40:40 +00:00
dashboard.html Refactoring and features 2026-02-03 22:40:40 +00:00
install.html Refactoring and features 2026-02-03 22:40:40 +00:00
package_show.html Refactoring and features 2026-02-03 22:40:40 +00:00
packages_list.html Remove hard-coded ecosystems from templates 2026-03-11 17:25:47 +00:00
search.html Remove hard-coded ecosystems from templates 2026-03-11 17:25:47 +00:00
version_show.html Refactoring and features 2026-02-03 22:40:40 +00:00