[bz4647743] Remove static handler's check for malicious paths #87

add0n opened this Issue Mar 30, 2012 · 1 comment


None yet
2 participants

add0n commented Mar 30, 2012

we should be able to just remove statements like this, because Mojito closes all bad URLs down:

// Potentially malicious path
if (~path.indexOf('..')) {
return forbidden(res);


caridy commented Jan 29, 2013

0.5.x static handler relies entirely on the store and the urls produced by the store, anything else is ignored (404).

@caridy caridy closed this Jan 29, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment