Skip to content
This repository has been archived by the owner on Oct 30, 2018. It is now read-only.

[bz4647743] Remove static handler's check for malicious paths #87

Closed
add0n opened this issue Mar 30, 2012 · 1 comment
Closed

[bz4647743] Remove static handler's check for malicious paths #87

add0n opened this issue Mar 30, 2012 · 1 comment
Labels
enhancement

Comments

@add0n
Copy link
Contributor

add0n commented Mar 30, 2012

we should be able to just remove statements like this, because Mojito closes all bad URLs down:

// Potentially malicious path
if (~path.indexOf('..')) {
return forbidden(res);
}
@Gissues:{"order":66.66666666666666,"status":"backlog"}
@caridy
Copy link
Contributor

caridy commented Jan 29, 2013

0.5.x static handler relies entirely on the store and the urls produced by the store, anything else is ignored (404).

@caridy caridy closed this as completed Jan 29, 2013
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@caridy @add0n