Potential fix for code scanning alert no. 459: Reflected cross-site scripting

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Ignasi 2025-03-06 15:54:51 +01:00 committed by Jacob Howard
parent 1c24c91ea9
commit 70e59ffd36
1 changed files with 3 additions and 1 deletions


@ -12,6 +12,7 @@ import (
"github.com/docker/model-distribution/pkg/types"
"github.com/docker/model-runner/pkg/logger"
"github.com/docker/model-runner/pkg/paths"
"html"
)
const (
@ -311,7 +312,8 @@ type progressResponseWriter struct {
func (w *progressResponseWriter) Write(p []byte) (n int, err error) {
// Write the data as a Server-Sent Event
_, err = fmt.Fprintf(w.writer, "%s", strings.TrimSpace(string(p)))
escapedData := html.EscapeString(strings.TrimSpace(string(p)))
_, err = fmt.Fprintf(w.writer, "%s", escapedData)
if err != nil {
return 0, err
}
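Review bot: The `html.EscapeString` call added in `progressResponseWriter.Write` rewrites the payload for every consumer, so any `"`, `'`, `<`, `>` or `&` in `p` reaches clients as an HTML entity; if the progress messages are JSON (the format is not visible here), quotes arrive as `&#34;` and the stream no longer parses. Reflected XSS on a streaming endpoint is usually closed by making sure the response cannot be interpreted as HTML, for example by setting `Content-Type: text/event-stream` (the comment describes the output as a Server-Sent Event) and `X-Content-Type-Options: nosniff` where the handler writes its headers, which is outside this hunk. If the escaping is kept, a comment such as `// Escaped to address the reflected-XSS alert; consumers receive HTML entities.` would document the changed contract for clients. The `"html"` import should also sit with the other standard-library imports rather than after the `github.com/...` group, as goimports would place it. The body of Write continues outside the hunk, so the returned byte count could not be checked here.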