Skip to content

Commit a61bee0

Browse files
author
spout
committed
Update controllers/user.js
解决头像url被注入bug
1 parent 81f8388 commit a61bee0

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

controllers/user.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -115,7 +115,7 @@ exports.setting = function (req, res, next) {
115115
email = sanitize(email).xss();
116116
var url = sanitize(req.body.url).trim();
117117
url = sanitize(url).xss();
118-
var profile_image_url = sanitize(req.body.profile_image_url).trim();
118+
var profile_image_url = sanitize(sanitize(req.body.profile_image_url).trim()).xss();
119119
var location = sanitize(req.body.location).trim();
120120
location = sanitize(location).xss();
121121
var signature = sanitize(req.body.signature).trim();

0 commit comments

Comments
 (0)