Prevent possible XSS

2025-08-08 04:48:44 +00:00 · 2024-03-29 16:54:03 -04:00 · 2024-03-29 16:54:03 -04:00 · 1884ffd95f
commit 1884ffd95f
parent 939e192732
1 changed files with 12 additions and 8 deletions
--- a/ProjectLighthouse.Servers.Website/Pages/LandingPage.cshtml
+++ b/ProjectLighthouse.Servers.Website/Pages/LandingPage.cshtml
@ -66,15 +66,19 @@
        <div>
            <h3>@Model.LatestAnnouncement.Title</h3>
            <div style="padding-bottom: 2em;">
-                <span style="white-space: pre-line">
-                    @{
-                        string truncatedAnnouncement = Model.LatestAnnouncement.Content.Length > 250
-                            ? Model.LatestAnnouncement.Content[..250] +
-                              $"... <a href='{ServerConfiguration.Instance.ExternalUrl}/notifications'>read more</a>"
-                            : Model.LatestAnnouncement.Content;
+                    @if (Model.LatestAnnouncement.Content.Length > 250)
+                    {
+                        <span style="white-space: pre-line">
+                            @Model.LatestAnnouncement.Content[..250]
+                            <a href="@ServerConfiguration.Instance.ExternalUrl/notifications">read more</a>
+                        </span>
+                    }
+                    else
+                    {
+                        <span style="white-space: pre-line">
+                            @Model.LatestAnnouncement.Content
+                        </span>
                    }
-                    @Html.Raw(truncatedAnnouncement)
-                </span>
            </div>
            @if (Model.LatestAnnouncement.Publisher != null)
            {