
examples: properly escape user input in route-map

fixes #3992
closes #4119
KoyamaSohei authored and dougwilson committed Dec 13, 2019
1 parent 3f1dcb9 commit 323a38965afc586e7d02fb6a557b93719e817dd9
Showing with 4 additions and 3 deletions.
  1. +4 −3 examples/route-map/index.js
@@ -2,6 +2,7 @@
* Module dependencies.
*/

var escapeHtml = require('escape-html')
var express = require('../../lib/express');

var verbose = process.env.NODE_ENV !== 'test'
@@ -31,7 +32,7 @@ var users = {
},

get: function(req, res){
res.send('user ' + req.params.uid);
res.send('user ' + escapeHtml(req.params.uid))
},

delete: function(req, res){
@@ -41,11 +42,11 @@ var users = {

var pets = {
list: function(req, res){
res.send('user ' + req.params.uid + '\'s pets');
res.send('user ' + escapeHtml(req.params.uid) + '\'s pets')
},

delete: function(req, res){
res.send('delete ' + req.params.uid + '\'s pet ' + req.params.pid);
res.send('delete ' + escapeHtml(req.params.uid) + '\'s pet ' + escapeHtml(req.params.pid))
}
};
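Review bot: Nothing in this commit pins the new escaping with a test; the diffstat lists only examples/route-map/index.js, so a later edit to `users.get`, `pets.list` or `pets.delete` could drop an `escapeHtml()` call without anything failing. A request to each of those routes with markup characters in `uid` (and `pid` for `pets.delete`), asserting that the body contains `&lt;` and `&gt;` rather than the raw characters, would cover it. A short comment above the first call would also record the reason, for example `// res.send() of a string is served as text/html, so route params must be escaped`. As a style point, the three new `res.send(...)` lines drop the trailing semicolon that the replaced lines had. The bodies of `users.delete` and of the handlers before `users.get` are outside the visible hunks, so whether they echo parameters cannot be checked from here.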
