aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2025-12-17 14:04:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix several HTML injections (#4545)

Browse Source
This commit is contained in:
Nicolas Dorier
2023-01-22 03:08:12 +09:00
committed by GitHub
parent 5f24b41250
commit a3203e5775
22 changed files with 59 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
BTCPayServer/Controllers/UIManageController.APIKeys.cs
View File

@@ -2,9 +2,11 @@ using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using BTCPayServer.Abstractions.Extensions;
using BTCPayServer.Abstractions.Models;
using BTCPayServer.Abstractions.Services;
using BTCPayServer.Client;
using BTCPayServer.Data;
using BTCPayServer.Models;
@@ -41,7 +43,7 @@ namespace BTCPayServer.Controllers
return View("Confirm", new ConfirmModel
{
Title = "Delete API key",
Description = $"Any application using the API key <strong>{key.Label ?? key.Id}<strong> will immediately lose access.",
Description = $"Any application using the API key <strong>{Html.Encode(key.Label ?? key.Id)}<strong> will immediately lose access.",
Action = "Delete",
ActionName = nameof(DeleteAPIKeyPost)
});