syntaxbullet/AuroraBot-discord
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Implement secure static file serving with path traversal protection and XSS prevention for template titles.

Browse Source
This commit is contained in:
syntaxbullet
2026-01-07 12:51:08 +01:00
parent 2a1c4e65ae
commit 894cad91a8
7 changed files with 98 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/web/views/layout.ts
View File

@@ -1,15 +1,18 @@
import { escapeHtml } from "../utils/html";
interface LayoutProps {
title: string;
content: string;
}
export function BaseLayout({ title, content }: LayoutProps): string {
const safeTitle = escapeHtml(title);
return `<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>${title} | Aurora</title>
<title>${safeTitle} | Aurora</title>
<link rel="stylesheet" href="/style.css">
<meta name="description" content="Aurora Bot Web Interface">
</head>