fix Cross-site scripting (XSS) vulnerability
beenotung committed May 2, 2023
1 parent bc676c1 commit f7a0062
Showing 1 changed file with 6 additions and 1 deletion.
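--- a/server.js
+++ b/server.js
@@ -130,9 +130,14 @@ async function main() {
 res.write(templatePart2)
 for (let file of files) {
 let href = `${req.url}/${file}`.replace(/^\/\//, '/')
+href = encodeURI(href)
+let text = file
+.replace(/&/g, '&amp')
+.replace(/</g, '&lt')
+.replace(/>/g, '&gt')
 let stat = fs.statSync(path.join(dir, file))
 let type = stat.isDirectory() ? 'D' : 'F'
-res.write(`[${type}] <a href="${href}">${file}</a><br>`)
+res.write(`[${type}] <a href="${href}">${text}</a><br>`)
 }
 if (files.length === 0) {
 res.write(`[empty directory]`)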
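Review bot: As rendered on this page, the three replacement strings in the `let text = file` chain are `'&amp'`, `'&lt'` and `'&gt'` with no terminating `;`, so decoding of the escaped name depends on the browser's legacy-entity handling; if the committed file really reads this way, use `'&amp;'`, `'&lt;'` and `'&gt;'`. Separately, `href = encodeURI(href)` runs over the whole string including `req.url`, which browsers normally send already percent-encoded, so a `%20` in the request path would become `%2520`, and a `?` or `#` in a file name is left unescaped. Encoding only the new segment with `encodeURIComponent(file)` would fix that, but the `req.url` part would then need its own attribute escaping (including `"`) so the `href="..."` value stays closed. The chain escapes for element text only, so a comment such as `// escapes for element text only; not safe inside attribute values` above it would warn against reusing `text` in an attribute. The `for` loop and `main()` begin and end outside this hunk.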
