[bz4647743] Remove static handler's check for malicious paths #87

Closed
add0n opened this Issue Mar 30, 2012 · 1 comment

Comments

Projects
None yet
2 participants
Contributor

add0n commented Mar 30, 2012

we should be able to just remove statements like this, because Mojito closes all bad URLs down:

// Potentially malicious path
if (~path.indexOf('..')) {
return forbidden(res);
}
@gissues:{"order":66.66666666666666,"status":"backlog"}

Collaborator

caridy commented Jan 29, 2013

0.5.x static handler relies entirely on the store and the urls produced by the store, anything else is ignored (404).

@caridy caridy closed this Jan 29, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment