OSSForks/express
1
0
Fork 0
mirror of https://github.com/zebrajr/express.git synced 2025-12-06 00:19:48 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

examples: properly escape user input in route-map

Browse Source 
fixes #3992
closes #4119
This commit is contained in:
KoyamaSohei 2019-12-13 14:41:03 +09:00 committed by Douglas Christopher Wilson
parent 3f1dcb96e0
commit 323a38965a
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
examples/route-map/index.js
View File

@ -2,6 +2,7 @@
* Module dependencies.
*/
var escapeHtml = require('escape-html')
var express = require('../../lib/express');
var verbose = process.env.NODE_ENV !== 'test'
@ -31,7 +32,7 @@ var users = {
},
get: function(req, res){
res.send('user ' + req.params.uid);
res.send('user ' + escapeHtml(req.params.uid))
},
delete: function(req, res){
@ -41,11 +42,11 @@ var users = {
var pets = {
list: function(req, res){
res.send('user ' + req.params.uid + '\'s pets');
res.send('user ' + escapeHtml(req.params.uid) + '\'s pets')
},
delete: function(req, res){
res.send('delete ' + req.params.uid + '\'s pet ' + req.params.pid);
res.send('delete ' + escapeHtml(req.params.uid) + '\'s pet ' + escapeHtml(req.params.pid))
}
};