fix: round 10 critical fixes - WebSocket race, rate limiting, XSS protection, Caddyfile, and input validation

2026-05-20 17:59:22 +08:00
parent a5b5713b29
commit 20cdcc748e
10 changed files with 336 additions and 25 deletions
@@ -2,6 +2,7 @@ package handler
import (
"encoding/json"
"html"
"log"
"net/http"
"strconv"
@@ -113,8 +114,8 @@ func (h *ReminderHandler) Create(c *gin.Context) {
reminder := &store.Reminder{
ID: generateID(),
UserID: userID,
Title: req.Title,
Description: req.Description,
Title: html.EscapeString(req.Title),
Description: html.EscapeString(req.Description),
RemindAt: remindAt,
Status: "pending",
RepeatType: repeatType,
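Review bot: Calling `html.EscapeString` on `req.Title` and `req.Description` before the reminder is stored makes the stored record hold HTML-encoded text rather than what the user typed, which is the wrong layer for XSS protection. Any consumer that already encodes on output (a template engine, or a front end that renders the field as text) will display `&amp;` and `&lt;` literally, and a non-HTML channel such as a notification body would presumably carry the entities as well. The escaping also covers only the HTML-body context and only this write path, so an update or import path outside this hunk, if one exists, would store raw values next to escaped ones. I would keep `Title: req.Title,` and `Description: req.Description,` here, limit validation at this point to length and allowed characters, and encode at the point of rendering for the specific output context. Create's body starts and ends outside the hunk, so any validation already applied to `req` is not visible here.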