Skip to content

Commit

Permalink
p2p/simulations: escape mockerType value from request (ethereum#24822)
Browse files Browse the repository at this point in the history
Co-authored-by: Felix Lange <[email protected]>
  • Loading branch information
2 people authored and cp-wjhan committed Nov 30, 2022
1 parent 8b4dadf commit 4d831ec
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion p2p/simulations/http.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (
"context"
"encoding/json"
"fmt"
"html"
"io"
"io/ioutil"
"net/http"
Expand Down Expand Up @@ -336,7 +337,7 @@ func (s *Server) StartMocker(w http.ResponseWriter, req *http.Request) {
mockerType := req.FormValue("mocker-type")
mockerFn := LookupMocker(mockerType)
if mockerFn == nil {
http.Error(w, fmt.Sprintf("unknown mocker type %q", mockerType), http.StatusBadRequest)
http.Error(w, fmt.Sprintf("unknown mocker type %q", html.EscapeString(mockerType)), http.StatusBadRequest)
return
}
nodeCount, err := strconv.Atoi(req.FormValue("node-count"))
Expand Down

0 comments on commit 4d831ec

Please sign in to comment.