examples: properly escape user input in route-map
fixes #3992
closes #4119
KoyamaSohei authored and dougwilson committed Mar 25, 2020
1 parent 3f1dcb9 commit 323a389
Showing 1 changed file with 4 additions and 3 deletions.
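--- a/examples/route-map/index.js
+++ b/examples/route-map/index.js
@@ -2,6 +2,7 @@
 * Module dependencies.
 */
 
+var escapeHtml = require('escape-html')
 var express = require('../../lib/express');
 
 var verbose = process.env.NODE_ENV !== 'test'
@@ -31,7 +32,7 @@ var users = {
 },
 
 get: function(req, res){
-res.send('user ' + req.params.uid);
+res.send('user ' + escapeHtml(req.params.uid))
 },
 
 delete: function(req, res){
@@ -41,11 +42,11 @@ var users = {
 
 var pets = {
 list: function(req, res){
-res.send('user ' + req.params.uid + '\'s pets');
+res.send('user ' + escapeHtml(req.params.uid) + '\'s pets')
 },
 
 delete: function(req, res){
-res.send('delete ' + req.params.uid + '\'s pet ' + req.params.pid);
+res.send('delete ' + escapeHtml(req.params.uid) + '\'s pet ' + escapeHtml(req.params.pid))
 }
 };
 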
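Review bot: Nothing in the new handlers says why the escaping is needed, and example code gets copied: `res.send()` with a string body is served as `text/html` by default, so a route parameter echoed into it is a reflected-XSS sink. A comment above the first call in `users.get`, such as `// route params are untrusted and res.send() defaults to text/html: escape before echoing`, would help keep later handlers in this map from regressing. Because these bodies are plain text rather than markup, `res.type('text/plain')` before sending would be an alternative that removes the HTML context; the escaping as written is also sound. The three rewritten `res.send(...)` lines drop the trailing semicolon that the lines they replace had. `users.delete` begins on the last line of the second hunk and its body is outside the page, so whether it echoes a parameter cannot be checked here.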
