Browse Source

Fix table tag XSS in user infomation

pull/6/head
Menci 8 years ago
parent
commit
e4f51eb821
  1. 2
      views/index.ejs
  2. 2
      views/ranklist.ejs

2
views/index.ejs

@ -43,7 +43,9 @@
<td><a href="<%= syzoj.utils.makeUrl(['user', user.id]) %>"><%= user.username %></a><% if (user.nameplate) { %><%- user.nameplate %><% } %></td> <td><a href="<%= syzoj.utils.makeUrl(['user', user.id]) %>"><%= user.username %></a><% if (user.nameplate) { %><%- user.nameplate %><% } %></td>
<td> <td>
<div style="max-height: 70px; overflow: hidden; "> <div style="max-height: 70px; overflow: hidden; ">
<table width="100%"><tr style="border: none; "><td style="padding: 0; ">
<%- user.information %> <%- user.information %>
</td></table>
</div> </div>
</td> </td>
</tr> </tr>

2
views/ranklist.ejs

@ -27,7 +27,9 @@
<td><a href="<%= syzoj.utils.makeUrl(['user', user.id]) %>"><%= user.username %></a><% if (user.nameplate) { %><%- user.nameplate %><% } %></td> <td><a href="<%= syzoj.utils.makeUrl(['user', user.id]) %>"><%= user.username %></a><% if (user.nameplate) { %><%- user.nameplate %><% } %></td>
<td> <td>
<div style="max-height: 70px; overflow: hidden; "> <div style="max-height: 70px; overflow: hidden; ">
<table width="100%"><tr style="border: none; "><td style="padding: 0; ">
<%- user.information %> <%- user.information %>
</td></tr></table>
</div> </div>
</td> </td>
<td><%= user.ac_num %></td> <td><%= user.ac_num %></td>

Loading…
Cancel
Save