archive
/
tailscale
mirror of https://github.com/tailscale/tailscale/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

cmd/derper: add missing html.EscapeString calls in /debug page

Browse Source 
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
pull/767/head
Josh Bleecher Snyder 4 years ago committed by Josh Bleecher Snyder
parent e862f90e34
commit 3fa863e6d9
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File

5
cmd/derper/derper.go
Unescape Escape View File

@ -13,6 +13,7 @@ import (
"expvar" "expvar"
"flag" "flag"
"fmt" "fmt"
"html"
"io" "io"
"io/ioutil" "io/ioutil"
"log" "log"
@ -229,10 +230,10 @@ func debugHandler(s *derp.Server) http.Handler {
<h1>DERP debug</h1> <h1>DERP debug</h1>
<ul> <ul>
`) `)
f("<li><b>Hostname:</b> %v</li>\n", *hostname) f("<li><b>Hostname:</b> %v</li>\n", html.EscapeString(*hostname))
f("<li><b>Uptime:</b> %v</li>\n", tsweb.Uptime()) f("<li><b>Uptime:</b> %v</li>\n", tsweb.Uptime())
f("<li><b>Mesh Key:</b> %v</li>\n", s.HasMeshKey()) f("<li><b>Mesh Key:</b> %v</li>\n", s.HasMeshKey())
f("<li><b>Version:</b> %v</li>\n", version.LONG) f("<li><b>Version:</b> %v</li>\n", html.EscapeString(version.LONG))
f(`<li><a href="/debug/vars">/debug/vars</a> (Go)</li> f(`<li><a href="/debug/vars">/debug/vars</a> (Go)</li>
<li><a href="/debug/varz">/debug/varz</a> (Prometheus)</li> <li><a href="/debug/varz">/debug/varz</a> (Prometheus)</li>

Write Preview
Loading…
Cancel
Save