From 323a38965afc586e7d02fb6a557b93719e817dd9 Mon Sep 17 00:00:00 2001
From: KoyamaSohei
Date: Fri, 13 Dec 2019 14:41:03 +0900
Subject: [PATCH] examples: properly escape user input in route-map fixes #3992 closes #4119
---
 examples/route-map/index.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/examples/route-map/index.js b/examples/route-map/index.js
index f2b192ac..e7adf5fc 100644
--- a/examples/route-map/index.js
+++ b/examples/route-map/index.js
@@ -2,6 +2,7 @@
 * Module dependencies.
 */
+var escapeHtml = require('escape-html')
 var express = require('../../lib/express');
 var verbose = process.env.NODE_ENV !== 'test'
@@ -31,7 +32,7 @@ var users = {
 },
 get: function(req, res){
- res.send('user ' + req.params.uid);
+ res.send('user ' + escapeHtml(req.params.uid))
 },
 delete: function(req, res){
@@ -41,11 +42,11 @@ var users = {
 var pets = {
 list: function(req, res){
- res.send('user ' + req.params.uid + '\'s pets');
+ res.send('user ' + escapeHtml(req.params.uid) + '\'s pets')
 },
 delete: function(req, res){
- res.send('delete ' + req.params.uid + '\'s pet ' + req.params.pid);
+ res.send('delete ' + escapeHtml(req.params.uid) + '\'s pet ' + escapeHtml(req.params.pid))
 }
 };
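Review bot: The added `var escapeHtml = require('escape-html')` line has no trailing semicolon, while the `require('../../lib/express');` line directly below it does. The rewritten `res.send(...)` calls in the `users.get`, `pets.list` and `pets.delete` hunks also drop the semicolons their removed counterparts carried. Keeping the terminators, e.g. `var escapeHtml = require('escape-html');`, avoids mixing an unrelated style change into a security fix and keeps the diff limited to the escaping itself.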
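Review bot: No regression test accompanies the escaping added in `users.get`, or in `pets.list` and `pets.delete` in the following hunk. The diffstat lists only examples/route-map/index.js, so a later edit could drop an `escapeHtml()` call without anything failing. An acceptance test that requests a route whose `:uid` and `:pid` contain markup characters, and asserts the body comes back entity-encoded, would pin the fix. A short why-comment above the first handler would also help, for example `// route params are caller-controlled and res.send() serves strings as text/html, so encode before echoing`. The body of `users.delete` lies outside the hunk, so it is worth confirming it does not echo a parameter unescaped.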