mirror of
https://github.com/drakkan/sftpgo.git
synced 2024-11-21 23:20:24 +00:00
web: use html/template
so output is safe against code injection
This commit is contained in:
parent
5ffa34dacb
commit
4f36c1de06
3 changed files with 3 additions and 3 deletions
|
@ -3,10 +3,10 @@ package httpd
|
|||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"html/template"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
"text/template"
|
||||
|
||||
"github.com/drakkan/sftpgo/dataprovider"
|
||||
"github.com/go-chi/chi"
|
||||
|
|
|
@ -2,11 +2,11 @@ package httpd
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"html/template"
|
||||
"net/http"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
"strings"
|
||||
"text/template"
|
||||
|
||||
"github.com/drakkan/sftpgo/dataprovider"
|
||||
"github.com/drakkan/sftpgo/sftpd"
|
||||
|
|
|
@ -48,7 +48,7 @@
|
|||
<div class="form-group row">
|
||||
<label for="idPermissions" class="col-sm-2 col-form-label">Permissions</label>
|
||||
<div class="col-sm-10">
|
||||
<select class="form-control id=" idPermissions" name="permissions" required multiple>
|
||||
<select class="form-control" id="idPermissions" name="permissions" required multiple>
|
||||
{{range $validPerm := .ValidPerms}}
|
||||
<option value="{{$validPerm}}"
|
||||
{{range $perm := $.User.Permissions}}{{if eq $perm $validPerm}}selected{{end}}{{end}}>{{$validPerm}}
|
||||
|
|
Loading…
Reference in a new issue