aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2025-12-18 14:34:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix xxs vulns

Browse Source
This commit is contained in:
nicolas.dorier
2017-10-24 14:52:19 +09:00
parent 9a0d0a7124
commit a5bd27661b
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
BTCPayServer/Extensions.cs
View File

@@ -49,10 +49,10 @@ namespace BTCPayServer
}
private static JsonSerializerSettings jsonSettings = new JsonSerializerSettings { ContractResolver = new CamelCasePropertyNamesContractResolver() };
public static HtmlString ToJson(this object o)
public static string ToJson(this object o)
{
var res = JsonConvert.SerializeObject(o, Formatting.None, jsonSettings);
return new HtmlString(res);
return res;
}
}
}

3
BTCPayServer/Views/Invoice/Checkout.cshtml
View File

@@ -1,4 +1,5 @@
@model PaymentModel
@inject System.Text.Encodings.Web.JavaScriptEncoder jsEncoder;
@{
Layout = null;
ViewData["Title"] = "Payment";
@@ -27,7 +28,7 @@
crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery.qrcode/1.0/jquery.qrcode.min.js"></script>
<script type="text/javascript">
var srvModel = JSON.parse('@Model.ToJson()');
var srvModel = JSON.parse('@jsEncoder.Encode(Model.ToJson())');
</script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js"></script>
<script src="~/js/core.js" type="text/javascript" defer="defer"></script>