|
@@ -150,7 +150,7 @@ module.exports = function(crowi, app) {
|
|
|
const actions = {};
|
|
const actions = {};
|
|
|
|
|
|
|
|
function getPathFromRequest(req) {
|
|
function getPathFromRequest(req) {
|
|
|
- return pathUtils.normalizePath(req.params[0] || '');
|
|
|
|
|
|
|
+ return crowi.xss.process(pathUtils.normalizePath(req.params[0] || ''));
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
function isUserPage(path) {
|
|
function isUserPage(path) {
|
yusuketk