From cb67c9a152a1e2d8ffb3a74c504d4c9a845bf4dc Mon Sep 17 00:00:00 2001
From: Rohit Rawat <xordux@gmail.com>
Date: Mon, 14 Oct 2024 07:18:16 +0000
Subject: [PATCH] serve-static don't pass untrusted user input
---
serve-static/index.js | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/ui/node_modules/serve-static/index.js b/src/ui/node_modules/serve-static/index.js
index b7d3984c..3f3e64e9 100644
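--- a/src/ui/node_modules/serve-static/index.js
+++ b/src/ui/node_modules/serve-static/index.js
@@ -195,8 +195,7 @@ function createRedirectDirectoryListener () {
 
 // reformat the URL
 var loc = encodeUrl(url.format(originalUrl))
- var doc = createHtmlDocument('Redirecting', 'Redirecting to <a href="' + escapeHtml(loc) + '">' +
- escapeHtml(loc) + '</a>')
+ var doc = createHtmlDocument('Redirecting', 'Redirecting to ' + escapeHtml(loc))
 
 // send redirect response
 res.statusCode = 301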
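Review bot: The new `var doc = createHtmlDocument(...)` line carries no comment explaining why the link was dropped, and because the file lives under `node_modules` a later reinstall or resync of the bundled copy can silently bring the old anchor back. I would add above it `// loc is derived from the request URL: emit it as escaped text only, never inside an href`. createRedirectDirectoryListener starts and ends outside this hunk, so how `loc` is used afterwards (presumably in the Location header) is not visible here. If the bundled tree also carries `send`, its directory redirect appears to build the same response body and is worth checking for the same pattern.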
--
2.39.4