Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disallow traversing above root dir #602

Closed
emilos opened this issue Apr 9, 2020 · 0 comments
Closed

Disallow traversing above root dir #602

emilos opened this issue Apr 9, 2020 · 0 comments
Labels
priority: high security
Projects
Security

Comments

@emilos
Copy link
Contributor

emilos commented Apr 9, 2020
edited

In theory traversing '../../../../some-dir/some-other-dir/ is insecure if the engine is used for tools like REPLs because you'd be able to access any html file.

It should be possible to override this setting.
@emilos emilos added the security label Apr 9, 2020
@emilos emilos added this to To do in Security Apr 27, 2020
@emilos emilos closed this as completed Sep 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
priority: high security
Projects
No open projects
Security
  
To do
Milestone
No milestone
Development

No branches or pull requests
1 participant
@emilos