Replace hostname string if it contains invalid characters

Signed-off-by: yubiuser <github@yubiuser.dev>
2025-12-24 12:48:29 +00:00 · 2025-04-26 23:39:39 +02:00
parent 6e4a17d8b3
commit d0829308db
1 changed files with 9 additions and 9 deletions
--- a/scripts/lua/header.lp
+++ b/scripts/lua/header.lp
@@ -40,19 +40,19 @@ function in_array (val, tab)
    return false
 end

-- Function to escape HTML characters
-function escape_html(str)
-    -- Replace special characters with HTML entities
-    str = str:gsub("&", "&amp;")
-    str = str:gsub("<", "&lt;")
-    str = str:gsub(">", "&gt;")
-    str = str:gsub('"', "&quot;")
-    str = str:gsub("'", "&apos;")
+-- Function to sanitize hostname containing invalid HTML characters
+function sanitize_hostname(str)
+    -- Check if string contains any of the HTML special characters
+    if str:find("&<>\"'") then
+        return "invalid hostname"
+    end
+
+    -- Return the original string if no special characters are found
    return str
 end

 -- Sanitize hostname
-hostname = escape_html(hostname)
+hostname = sanitize_hostname(hostname)

 -- Variable to check if user is already authenticated
 is_authenticated = mg.request_info.is_authenticated