From c9eb00221e1f353ed9663025b68a15a0f6a7beb0 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Wed, 30 Aug 2017 11:31:14 +0100
Subject: [PATCH] escape title and login, to prevent XSS

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---
 src/github.com/matrix-org/go-neb/services/github/github.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/github.com/matrix-org/go-neb/services/github/github.go b/src/github.com/matrix-org/go-neb/services/github/github.go
index 1491689..5d55db5 100644
--- a/src/github.com/matrix-org/go-neb/services/github/github.go
+++ b/src/github.com/matrix-org/go-neb/services/github/github.go
@@ -20,6 +20,7 @@ import (
 "github.com/matrix-org/go-neb/services/github/client"
 "github.com/matrix-org/go-neb/types"
 "github.com/matrix-org/gomatrix"
+ "html"
 )
 
 // ServiceType of the Github service
@@ -118,7 +119,8 @@ func (s *Service) cmdGithubSearch(roomID, userID string, args []string) (interfa
 if issue.HTMLURL == nil || issue.User.Login == nil || issue.Title == nil {
 continue
 }
- htmlBuffer.WriteString(fmt.Sprintf(`
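Review bot: In the first hunk the new `"html"` import is appended after `"github.com/matrix-org/gomatrix"`, inside the third-party group, rather than with the standard-library imports. The hunk shows only the tail of the import block, so this assumes the file keeps its stdlib packages (such as `fmt`, which the next hunk calls) in a separate group above, as goimports produces. If so, move the line into that group so the block stays goimports-clean and the escaping dependency is easy to spot when auditing the file's HTML output.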