| author | Aleksei Sidorenko <88515338+rydve@users.noreply.github.com> | 2026-03-04 13:35:24 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2026-03-04 13:35:24 +0300 |
| commit | 96b8fe472ce2600906237ebc120e9c99983bc4d5 (patch) | |
| tree | 3eb2fdcf50aad7fca47f6215d7b4d52d296f163a | |
| parent | 59b695ba831be9547149db3525420b836d160272 (diff) | |
Fix: escape HTML characters in tgbot start command (#3883)
| -rw-r--r-- | web/service/tgbot.go | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/web/service/tgbot.go b/web/service/tgbot.go
index 3ff80b40..6bb335b9 100644
--- a/web/service/tgbot.go
+++ b/web/service/tgbot.go
@@ -8,6 +8,7 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "html"
 "io"
 "math/big"
 "net"
@@ -651,7 +652,7 @@ func (t *Tgbot) answerCommand(message *telego.Message, chatId int64, isAdmin boo
 msg += t.I18nBot("tgbot.commands.help")
 msg += t.I18nBot("tgbot.commands.pleaseChoose")
 case "start":
- msg += t.I18nBot("tgbot.commands.start", "Firstname=="+message.From.FirstName)
+ msg += t.I18nBot("tgbot.commands.start", "Firstname=="+html.EscapeString(message.From.FirstName))
 if isAdmin {
 msg += t.I18nBot("tgbot.commands.welcome", "Hostname=="+hostname)
 } |
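Review bot: The `welcome` line two lines below the fix still concatenates `hostname` into the same `msg` unescaped, so the escaping is applied to only one of the two interpolated values in the `start` case. Where `hostname` comes from is not visible in this hunk; if it can be influenced by a request header or by configuration, it should get the same treatment, `msg += t.I18nBot("tgbot.commands.welcome", "Hostname=="+html.EscapeString(hostname))`. The new line also dereferences `message.From` without a nil check, which appears to predate this commit but is worth confirming for updates that carry no sender. Escaping at each call site is easy to miss for the next parameter added, so consider escaping parameter values once where `I18nBot` substitutes them, or add a comment on `answerCommand` stating that every user-controlled value must be escaped before it is placed into an HTML-formatted message. The body of `answerCommand` starts and ends outside the hunk, so other interpolations of Telegram user fields could not be checked here.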
