p2p/simulations: escape mockerType value from request (#24822)

Co-authored-by: Felix Lange <fjl@twurst.com>
ImanSharaf 2022-05-05 10:44:36 -07:00 committed by GitHub
parent 256aae0bfa
commit ca8e2f1ecf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -22,6 +22,7 @@ import (
"context" "context"
"encoding/json" "encoding/json"
"fmt" "fmt"
"html"
"io" "io"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
@ -336,7 +337,7 @@ func (s *Server) StartMocker(w http.ResponseWriter, req *http.Request) {
mockerType := req.FormValue("mocker-type") mockerType := req.FormValue("mocker-type")
mockerFn := LookupMocker(mockerType) mockerFn := LookupMocker(mockerType)
if mockerFn == nil { if mockerFn == nil {
http.Error(w, fmt.Sprintf("unknown mocker type %q", mockerType), http.StatusBadRequest) http.Error(w, fmt.Sprintf("unknown mocker type %q", html.EscapeString(mockerType)), http.StatusBadRequest)
return return
} }
nodeCount, err := strconv.Atoi(req.FormValue("node-count")) nodeCount, err := strconv.Atoi(req.FormValue("node-count"))
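Review bot: The new `http.Error` call in StartMocker gives no reason for `html.EscapeString`, even though `http.Error` already sends the body as `text/plain; charset=utf-8` with `X-Content-Type-Options: nosniff`; API clients will now see entities such as `&amp;` in the message. A short comment above the call would record the intent, for example `// mockerType is request-controlled; escape it before echoing it in the error body`. If clients do not need the value echoed back, a fixed `unknown mocker type` message would avoid reflecting request input at all. StartMocker's body continues outside the hunk, so whether other form values such as `node-count` are echoed the same way cannot be checked from here.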