Merge pull request #6 from gialpremium/111219-m-reflected-xss-fix

K-111219: Reflected XSS на /web-tools/nginx-config-generator

src/nginxconfig/generators/conf/letsencrypt.conf.js

@@ -29,7 +29,7 @@ export default global => {
 
     config['# ACME-challenge'] = '';
     config['location ^~ /.well-known/acme-challenge/'] = {
-        root: global.https.letsEncryptRoot.computed.replace(/\/+$/, ''),
+        root: global.https.letsEncryptRoot.computed.replace(/(<.+>)|(\/+$)/, ''),
     };
 
     // Done!

src/nginxconfig/templates/domain_sections/server.vue

@@ -208,6 +208,7 @@ THE SOFTWARE.
         watch: {
             '$props.data.domain': {
                 handler(data) {
+                    data.computed = data.computed.replace(/<.+>/, '');
                     // Ignore www. if given, enable WWW subdomain
                     if (data.computed.startsWith('www.')) {
                         data.computed = data.computed.slice(4);