// Unsafe: text/template `template.New("x").Parse(src)` where src is
// taken from a request query parameter. Tainted template source =
// SSTI; html/template's auto-escaping applies during Execute, not Parse,
// so a tainted source still yields template injection.
package ssti
import (
"net/http"
"text/template"
)
// Handler parses the template text supplied in the "template" query
// parameter and renders it straight into the response.
//
// This is the deliberately unsafe fixture: the *template source* (not just
// the data) is attacker-controlled, so the requester decides what the
// template language executes. On a parse failure the error text is returned
// with status 500; Execute's error is not checked, as in the original.
func Handler(w http.ResponseWriter, r *http.Request) {
	// Taint source: the template body itself arrives on the request.
	userSource := r.URL.Query().Get("template")

	// Sink: text/template parses caller-controlled source. Swapping in
	// html/template would not help here — its escaping is applied to data
	// during Execute, while the injection happens at Parse. In production
	// code, templates should be trusted, embedded assets and only the data
	// argument of Execute should come from the request.
	parsed, parseErr := template.New("x").Parse(userSource)
	if parseErr != nil {
		http.Error(w, parseErr.Error(), http.StatusInternalServerError)
		return
	}

	// Render error is intentionally dropped to match the fixture's behavior;
	// the status line may already have been written at this point anyway.
	_ = parsed.Execute(w, nil)
}