Add escaping of dynamic content

This commit is contained in:
2025-09-18 09:01:31 +02:00
parent 9ddb744fdd
commit dff078537e
3 changed files with 4 additions and 5 deletions
+1 -2
View File
@@ -1,5 +1,4 @@
input validation to avoid XSS and injection
only allow signup, login ecc over HTTPS only allow signup, login ecc over HTTPS
session expiration session expiration
mark cookies as secure mark cookies as secure
consider SameSite=Strict consider SameSite=Stricts
+2 -2
View File
@@ -55,10 +55,10 @@ let main =
<div class="item"> <div class="item">
<div> <div>
<a href=\'"'\link\'"'>\post.title</a> <a href=\'"'\link\'"'>\escape(post.title)</a>
</div> </div>
<div> <div>
<span>\post.date</span> | <span>\post.num_comments comments</span> <span>\escape(post.date)</span> | <span>\escape(post.num_comments) comments</span>
</div> </div>
</div> </div>
} }
+1 -1
View File
@@ -3,7 +3,7 @@ procedure page(title, login_user_id, style, main)
<html> <html>
<head> <head>
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<title>CN - \title</title> <title>CN - \escape(title)</title>
<style> <style>
body { body {
line-height: 200%; line-height: 200%;