farcasclaudiu/Flowise
1
0
Fork 0
mirror of https://github.com/farcasclaudiu/Flowise.git synced 2026-06-28 17:01:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1368 from FlowiseAI/bugfix/XSS-array-query

Browse Source 
Bugfix/Check for array query parameter
This commit is contained in:
Henry Heng
2023-12-11 22:03:12 +00:00
committed by GitHub
parent bac91eed00 f51c1d5b7a
commit dd5034e6a4
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/server/src/utils/XSS.ts
+9 -2
View File
@@ -6,8 +6,15 @@ export function sanitizeMiddleware(req: Request, res: Response, next: NextFuncti
const decodedURI = decodeURI(req.url) const decodedURI = decodeURI(req.url)
req.url = sanitizeHtml(decodedURI) req.url = sanitizeHtml(decodedURI)
for (let p in req.query) { for (let p in req.query) {
req.query[p] = sanitizeHtml(req.query[p] as string) if (Array.isArray(req.query[p])) {
const sanitizedQ = []
for (const q of req.query[p] as string[]) {
sanitizedQ.push(sanitizeHtml(q))
}
req.query[p] = sanitizedQ
} else {
req.query[p] = sanitizeHtml(req.query[p] as string)
}
} }
next() next()
} }