Fix XSS in path_info
prevent symlink usage to access files outside of the "mounted" directory
Can lead to XSS
secure_compare for digest authentication
More secure example
Could you do this in a separate PR? I'd like to merge that.
This one is good.
Again, HTML escaping in a text document?
This is actually changed behavior. I'm not sure we don't want to follow symlinks. Maybe make this an option?