| author | Luke <luke.pulverenti@gmail.com> | 2015-12-25 16:21:18 -0500 |
|---|---|---|
| committer | Luke <luke.pulverenti@gmail.com> | 2015-12-25 16:21:18 -0500 |
| commit | 9c3119808b73bdc988312144cc034f55e8a8c616 (patch) | |
| tree | b9861023e3817b33a9f1fa920e1a48334dcabffc /MediaBrowser.Server.Implementations/HttpServer/Security/AuthorizationContext.cs | |
| parent | da5fc9561208d7a6befc709b148c48de48974c9b (diff) | |
fixes #1075 - XSS in "Active Devices" Panel of Admin Dashboard
Diffstat (limited to 'MediaBrowser.Server.Implementations/HttpServer/Security/AuthorizationContext.cs')
| -rw-r--r-- | MediaBrowser.Server.Implementations/HttpServer/Security/AuthorizationContext.cs | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthorizationContext.cs b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
index 509a00ff9..75d54a80a 100644
--- a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
+++ b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
@@ -175,11 +175,22 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security
 if (param.Length == 2)
 {
- result.Add(param[0], param[1].Trim(new[] { '"' }));
+ var value = NormalizeValue (param[1].Trim(new[] { '"' }));
+ result.Add(param[0], value);
 }
 }
 return result;
 }
+
+ private string NormalizeValue(string value)
+ {
+ if (string.IsNullOrWhiteSpace (value))
+ {
+ return value;
+ }
+
+ return System.Net.WebUtility.HtmlEncode(value);
+ }
 }
 } |
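Review bot: `NormalizeValue` HTML-encodes every value parsed from the authorization header at input time, so the encoding is applied to all parameters alike (the hunk does not distinguish display fields from a token or device id) and the data kept downstream is now tied to an HTML context. The sink named in the commit title, the dashboard's device list, is not in this hunk; escaping there at render time would also cover values that reach it by another route or were stored before this change, and would avoid double-encoding in clients that already escape. If the input-side encoding stays, I would document it on the helper, e.g. `// Values are HTML-encoded on parse; consumers must not encode again and must decode before comparing with raw values.`, and make the method `static` since it reads no instance state. The enclosing parse method starts above the hunk, so which keys it carries is inferred rather than visible here.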
