Fix XSS in path_info
prevent symlink usage to access files outside of the "mounted" directory
Can lead to XSS
secure_compare for digest authentication
More secure example
Could you do this in a separate PR? I'd like to merge that.
This one is good.
Again, HTML escaping in a text document?
This is actually changed behavior. I'm not sure we don't want to follow symlinks. Maybe make this an option?
Shore up HTML escaping in Rack::Directory
* Supersedes & closes #522