From 4396bb1b566a88666757f6651ce8fc37bade81c8 Mon Sep 17 00:00:00 2001 From: neri Date: Fri, 10 Sep 2021 01:45:12 +0200 Subject: [PATCH] disallow newlines in urls --- src/download.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/download.rs b/src/download.rs index ec50f0b..13f63db 100644 --- a/src/download.rs +++ b/src/download.rs @@ -88,7 +88,7 @@ async fn build_text_response(path: &Path) -> Result { error::ErrorInternalServerError("this file should be here but could not be found") })?; let encoded = htmlescape::encode_minimal(&content); - let html = if Url::from_str(&content).is_ok() { + let html = if !content.contains(&['\n', '\r'][..]) && Url::from_str(&content).is_ok() { let attribute_encoded = htmlescape::encode_attribute(&content); URL_VIEW_HTML .replace("{link_content}", &encoded)