Commit eae1246

Copilot and bart-vmware authored
Fix XSS vulnerability in PATH environment variable rendering (#432)
* Initial plan

* Fix XSS vulnerability by HTML-encoding before replacing delimiters

Co-authored-by: bart-vmware <[email protected]>

* Remove unnecessary null-conditional operator after Html.Encode

Co-authored-by: bart-vmware <[email protected]>

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: bart-vmware <[email protected]>
1 parent 8d8acad commit eae1246

1 file changed

+2
-2
lines changed

Configuration/src/ConfigurationProviders/Views/Home/PlaceholderValues.cshtml

Lines changed: 2 additions & 2 deletions
@@ -15,11 +15,11 @@
1515
<td>
1616
@if (Platform.IsWindows)
1717
{
18-
@Html.Raw(Model.ResolvedFromPathEnvironmentVariable?.Replace(";", "<br/>"))
18+
@Html.Raw(Html.Encode(Model.ResolvedFromPathEnvironmentVariable).Replace(";", "<br/>"))
1919
}
2020
else
2121
{
22-
@Html.Raw(Model.ResolvedFromPathEnvironmentVariable?.Replace(":", "<br/>"))
22+
@Html.Raw(Html.Encode(Model.ResolvedFromPathEnvironmentVariable).Replace(":", "<br/>"))
2323
}
2424
</td>
2525
</tr>
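
Review bot: On the Windows branch (new line 18), `.Replace(";", "<br/>")` now runs on the already-encoded string, so it also matches the `;` that terminates every entity `Html.Encode` emits. A value containing `&` would come out as `&amp<br/>`, leaving a truncated entity and a spurious line break in the rendered list; the non-Windows branch (new line 22) is not affected because it replaces `:`. Suggest splitting on the delimiter first and encoding each segment before joining with `<br/>`, for example `string.Join("<br/>", value.Split(';').Select(s => Html.Encode(s)))` with a guard for a null value now that the `?.` is gone, or iterating the segments in a `foreach` and emitting `@segment<br/>` so that `Html.Raw` is not needed at all. A test with a PATH entry that contains `&` would catch this.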
