fix: add note about security
UziTech committed May 4, 2021
1 parent 2cde11e commit 78c47a2
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions README.md
Expand Up @@ -63,6 +63,9 @@ Install using npm:
$ npm install express-handlebars
```

## Danger 🔥

Never put objects on the `req` object straight in as the data, this can allow hackers to run XSS attacks. Always make sure you are destructuring the values on objects like `req.query` and `req.params`. See https://blog.shoebpatel.com/2021/01/23/The-Secret-Parameter-LFR-and-Potential-RCE-in-NodeJS-Apps/ for more details.

## Usage

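Review bot: In the paragraph added under `## Danger 🔥`, the stated risk is XSS, but the title of the linked post refers to LFR and potential RCE, so naming only XSS may lead readers to assume output escaping is a sufficient defence. Suggest naming the risk the link describes and spelling out what "destructuring" means here, for example passing only the specific named fields the template needs rather than `req.query` or `req.params` as a whole. The first sentence also has a comma splice after "as the data", and the bare URL would read better as a Markdown link.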