web: use html/template

so output is safe against code injection
2025-12-07 14:50:55 +03:00 · 2019-10-09 11:48:54 +02:00
parent 5ffa34dacb
commit 4f36c1de06
3 changed files with 3 additions and 3 deletions
--- a/httpd/web.go
+++ b/httpd/web.go
@@ -2,11 +2,11 @@ package httpd

 import (
 	"fmt"
+	"html/template"
 	"net/http"
 	"path/filepath"
 	"strconv"
 	"strings"
-	"text/template"

 	"github.com/drakkan/sftpgo/dataprovider"
 	"github.com/drakkan/sftpgo/sftpd"