From 6100647310594868e931f3de1188ddd8bde93b78 Mon Sep 17 00:00:00 2001
From: Andy Hsu <i@nn.ci>
Date: Fri, 24 Nov 2023 16:46:48 +0800
Subject: [PATCH] fix: reflected XSS vulnerability plist api

---
 server/handles/helper.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/server/handles/helper.go b/server/handles/helper.go
index 40eba3c449c..bd41c42c3bf 100644
--- a/server/handles/helper.go
+++ b/server/handles/helper.go
@@ -45,6 +45,8 @@ func Plist(c *gin.Context) {
 	}
 	fullName := c.Param("name")
 	Url := link.String()
+	Url = strings.ReplaceAll(Url, "<", "[")
+	Url = strings.ReplaceAll(Url, ">", "]")
 	nameEncode := linkNameSplit[1]
 	fullName, err = url.PathUnescape(nameEncode)
 	if err != nil {