fixes #1075 - XSS in "Active Devices" Panel of Admin Dashboard

This commit is contained in:
Luke 2015-12-25 16:21:18 -05:00 committed by Luke Pulverenti
parent 94ec8d87b8
commit 2fa34a236b

View File

@ -175,11 +175,22 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security
if (param.Length == 2) if (param.Length == 2)
{ {
result.Add(param[0], param[1].Trim(new[] { '"' })); var value = NormalizeValue (param[1].Trim(new[] { '"' }));
result.Add(param[0], value);
} }
} }
return result; return result;
} }
private string NormalizeValue(string value)
{
if (string.IsNullOrWhiteSpace (value))
{
return value;
}
return System.Net.WebUtility.HtmlEncode(value);
}
} }
} }