gaspersic/transfer.sh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

sanitize only on inline content-disposition

Browse Source
This commit is contained in:
Andrea Spacca
2021-03-02 16:50:53 +01:00
parent 27f84e719a
commit b36711c1ea
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/handlers.go
View File

@ -1010,7 +1010,7 @@ func (s *Server) getHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("X-Remaining-Days", remainingDays) w.Header().Set("X-Remaining-Days", remainingDays)
if strings.Contains(contentType, "html") { if disposition == "inline" && strings.Contains(contentType, "html") {
reader = ioutil.NopCloser( reader = ioutil.NopCloser(
bytes.NewReader( bytes.NewReader(
bluemonday.UGCPolicy(). bluemonday.UGCPolicy().