Merge ee920322be into 96b8fe472c

Fix: escape HTML characters in tgbot start command (#3883 )
2026-04-17 21:15:50 +00:00 · 2026-03-04 12:18:42 +01:00 · 2026-03-04 11:35:24 +01:00
1 changed files with 2 additions and 1 deletions
--- a/web/service/tgbot.go
+++ b/web/service/tgbot.go
@ -8,6 +8,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"html"
 	"io"
 	"math/big"
 	"net"
@ -664,7 +665,7 @@ func (t *Tgbot) answerCommand(message *telego.Message, chatId int64, isAdmin boo
 		msg += t.I18nBot("tgbot.commands.help")
 		msg += t.I18nBot("tgbot.commands.pleaseChoose")
 	case "start":
-		msg += t.I18nBot("tgbot.commands.start", "Firstname=="+message.From.FirstName)
+		msg += t.I18nBot("tgbot.commands.start", "Firstname=="+html.EscapeString(message.From.FirstName))
 		if isAdmin {
 			msg += t.I18nBot("tgbot.commands.welcome", "Hostname=="+hostname)
 		}
Author	SHA1	Message	Date
Aleksei Sidorenko	4dc4777b17	Merge `ee920322be` into `96b8fe472c`	2026-03-04 12:18:42 +01:00
Aleksei Sidorenko	96b8fe472c	Fix: escape HTML characters in tgbot start command (#3883 )	2026-03-04 11:35:24 +01:00