Escape comments before storing them in the databaseHEADmasterdev

Signed-off-by: Max Magorsch <arzano@gentoo.org>

2 files changed, 3 insertions, 2 deletions

diff --git a/pkg/app/handler/cvetool/comments.go b/pkg/app/handler/cvetool/comments.go
index 3d76d75..1659ea7 100644
--- a/pkg/app/handler/cvetool/comments.go
+++ b/pkg/app/handler/cvetool/comments.go
@@ -8,6 +8,7 @@ import (
 	"glsamaker/pkg/models/cve"
 	"encoding/json"
 	"glsamaker/pkg/models/users"
+	"html"
 	"net/http"
 	"time"
 )
@@ -52,7 +53,7 @@ func addNewCommment(id string, user *users.User, comment string) (cve.Comment, e
 		CVEId:   id,
 		UserId:  user.Id,
 		User:    user,
-		Message: comment,
+		Message: html.EscapeString(comment),
 		Date:    time.Now(),
 	}
 
diff --git a/pkg/app/handler/glsa/comments.go b/pkg/app/handler/glsa/comments.go
index 1381984..bc626ef 100644
--- a/pkg/app/handler/glsa/comments.go
+++ b/pkg/app/handler/glsa/comments.go
@@ -91,7 +91,7 @@ func AddNewCommment(id string, user *users.User, comment string, commentType str
 		User:      user,
 		UserBadge: user.Badge,
 		Type:      commentType,
-		Message:   comment,
+		Message:   html.EscapeString(comment),
 		Date:      time.Now(),
 	}