Skip to content

Commit

Permalink
fix: escape msg in render restricted error html (#12889)
Browse files Browse the repository at this point in the history
  • Loading branch information
patak-dev authored Apr 18, 2023
1 parent 8c5f1d8 commit 3aa2127
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 1 deletion.
2 changes: 2 additions & 0 deletions packages/vite/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,7 @@
"@rollup/plugin-typescript": "^11.0.0",
"@rollup/pluginutils": "^5.0.2",
"@types/pnpapi": "^0.0.2",
"@types/escape-html": "^1.0.0",
"acorn": "^8.8.2",
"acorn-walk": "^8.2.0",
"cac": "^6.7.14",
Expand All @@ -100,6 +101,7 @@
"dotenv": "^16.0.3",
"dotenv-expand": "^9.0.0",
"es-module-lexer": "^1.2.0",
"escape-html": "^1.0.3",
"estree-walker": "^3.0.3",
"etag": "^1.8.1",
"fast-glob": "^3.2.12",
Expand Down
3 changes: 2 additions & 1 deletion packages/vite/src/node/server/middlewares/static.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ import type { OutgoingHttpHeaders, ServerResponse } from 'node:http'
import type { Options } from 'sirv'
import sirv from 'sirv'
import type { Connect } from 'dep-types/connect'
import escapeHtml from 'escape-html'
import type { ViteDevServer } from '../..'
import { FS_PREFIX } from '../../constants'
import {
Expand Down Expand Up @@ -236,7 +237,7 @@ function renderRestrictedErrorHTML(msg: string): string {
return html`
<body>
<h1>403 Restricted</h1>
<p>${msg.replace(/\n/g, '<br/>')}</p>
<p>${escapeHtml(msg).replace(/\n/g, '<br/>')}</p>
<style>
body {
padding: 1em 2em;
Expand Down
10 changes: 10 additions & 0 deletions pnpm-lock.yaml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 3aa2127

Please sign in to comment.