martinzhou2015 opened a new issue #1273:
URL: https://github.com/apache/incubator-brpc/issues/1273


**Describe the bug**
Input point (source): /src/brpc/builtin/hotspots_service.cpp#L628
```cpp
const std::string* view = cntl->http_request().uri().GetQuery("view");
```
Output point (sink), concatenated into the output between `<script>` tags: /src/brpc/builtin/hotspots_service.cpp#L994
```cpp
if (view) {
    os << "&view=" << *view;
}
```

**To Reproduce**
https://brpc_site/hotspots/cpu?view=?";><iframe>

In Internet Explorer the address bar does not URL-encode `<`, `>` or `"`, which creates a cross-site scripting risk.
   
![xss_2](https://user-images.githubusercontent.com/13579581/96694690-57ee9e00-13bb-11eb-8cdd-b2929f1c01b7.png)
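The following is an added example, not code from brpc or from the reporter, that contrasts the raw interpolation described in the issue with two defensive treatments of the `view` parameter before it reaches the `<script>` block: an allow-list check on the value and percent-encoding of whatever is emitted. The function names, the allow-list policy (short identifier of letters, digits, `_`, `-`) and the sample payload are assumptions made for this example.

```cpp
// Added example, not brpc's own code. Function names and the allow-list
// policy are assumptions for illustration.
#include <cassert>
#include <iostream>
#include <string>

// Vulnerable pattern from the report: the query value is concatenated
// as-is, so a value containing " > < can terminate the JS string literal
// and the <script> element it sits in.
std::string BuildViewParamRaw(const std::string& view) {
    return "&view=" + view;
}

// Allow-list: a view name is only expected to be a short identifier
// (assumed policy: ASCII letters, digits, '_' and '-', 1..32 chars).
bool IsSafeViewName(const std::string& view) {
    if (view.empty() || view.size() > 32) return false;
    for (unsigned char c : view) {
        bool ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                  (c >= '0' && c <= '9') || c == '_' || c == '-';
        if (!ok) return false;
    }
    return true;
}

// Percent-encode everything outside the RFC 3986 "unreserved" set so the
// emitted value can never contain <, >, ", ' or &.
std::string UrlEncodeQueryValue(const std::string& in) {
    static const char kHex[] = "0123456789ABCDEF";
    std::string out;
    out.reserve(in.size() * 3);
    for (unsigned char c : in) {
        bool unreserved = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                          (c >= '0' && c <= '9') || c == '-' || c == '_' ||
                          c == '.' || c == '~';
        if (unreserved) {
            out.push_back(static_cast<char>(c));
        } else {
            out.push_back('%');
            out.push_back(kHex[c >> 4]);
            out.push_back(kHex[c & 0x0F]);
        }
    }
    return out;
}

// Hardened form: drop the parameter unless it is a plausible view name,
// and percent-encode what is accepted anyway (defence in depth).
std::string BuildViewParamSafe(const std::string& view) {
    if (!IsSafeViewName(view)) return "";
    return "&view=" + UrlEncodeQueryValue(view);
}

// True if the emitted fragment still carries a character that could close
// a JS string literal or an HTML tag; used as the check in tests.
bool HasBreakoutChars(const std::string& fragment) {
    return fragment.find_first_of("<>\"'") != std::string::npos;
}

int main() {
    // Constructed payload mirroring the report's reproduction URL.
    const std::string payload = "?\";><iframe>";
    std::cout << "raw : " << BuildViewParamRaw(payload) << "\n";
    std::cout << "safe: [" << BuildViewParamSafe(payload) << "]\n";
    std::cout << "safe: " << BuildViewParamSafe("flamegraph") << "\n";
    return 0;
}
```

Rejecting unexpected values is the primary control here; the encoding step is kept so that a later relaxation of the allow-list cannot silently reintroduce the sink. Browser-side URL encoding, as the report notes for IE, cannot be relied on by the server.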
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
