examples: properly escape user input in route-map

fixes #3992
closes #4119
KoyamaSohei 2019-12-13 14:41:03 +09:00 committed by Douglas Christopher Wilson
parent 3f1dcb96e0
commit 323a38965a


@ -2,6 +2,7 @@
* Module dependencies. * Module dependencies.
*/ */
var escapeHtml = require('escape-html')
var express = require('../../lib/express'); var express = require('../../lib/express');
var verbose = process.env.NODE_ENV !== 'test' var verbose = process.env.NODE_ENV !== 'test'
@ -31,7 +32,7 @@ var users = {
}, },
get: function(req, res){ get: function(req, res){
res.send('user ' + req.params.uid); res.send('user ' + escapeHtml(req.params.uid))
}, },
delete: function(req, res){ delete: function(req, res){
@ -41,11 +42,11 @@ var users = {
var pets = { var pets = {
list: function(req, res){ list: function(req, res){
res.send('user ' + req.params.uid + '\'s pets'); res.send('user ' + escapeHtml(req.params.uid) + '\'s pets')
}, },
delete: function(req, res){ delete: function(req, res){
res.send('delete ' + req.params.uid + '\'s pet ' + req.params.pid); res.send('delete ' + escapeHtml(req.params.uid) + '\'s pet ' + escapeHtml(req.params.pid))
} }
}; };
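Review bot: Nothing on the new lines in `users.get`, `pets.list` and `pets.delete` says why `escapeHtml` is needed, and this is an example that readers copy. A short comment above the first call would carry the reasoning, for instance `// res.send() with a string is served as text/html, so route params must be HTML-escaped`. The new `res.send(...)` lines and the added `require('escape-html')` also drop the trailing semicolon that the replaced lines and the neighbouring `require('../../lib/express');` have, so the file now mixes both styles. Handlers whose bodies fall outside these hunks, such as `users.delete`, are not visible here, so it is worth confirming that none of them echo `req.params` unescaped.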