Commit54271f6

ctcpipUlisesGascon
andcommitted
fix: don't render redirect values in anchor href
Co-authored-by: Ulises Gascón <ulisesgascongonzalez@gmail.com>
1 parent125bb74 commit54271f6

2 files changed

+22
-4
lines changed


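--- a/lib/response.js
+++ b/lib/response.js
@@ -969,7 +969,7 @@ res.redirect = function redirect(url) {
 
 html:function(){
 varu=escapeHtml(address);
-body='<p>'+statuses.message[status]+'. Redirecting to<a href="'+u+'">'+u+'</a></p>'
+body='<p>'+statuses.message[status]+'. Redirecting to '+u+'</p>'
 },
 
 default:function(){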
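Review bot: The new body line carries no comment explaining why the redirect target is rendered as plain text rather than a link, so a later maintainer is likely to reintroduce the anchor as a usability improvement. Above the `body=` assignment I would add: `// Render the target as text only: an <a href> would turn a caller-supplied URL with an unexpected scheme into a clickable link, and escapeHtml() neutralizes markup, not URL schemes.` The `redirect` function and its `format()` dispatch begin and end outside this hunk, and `address` is assigned there, so whether any scheme filtering happens earlier cannot be confirmed from this section.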

‎test/res.redirect.js‎

Lines changed: 21 additions & 3 deletions
@@ -106,7 +106,7 @@ describe('res', function(){
106106
.set('Accept','text/html')
107107
.expect('Content-Type',/html/)
108108
.expect('Location','http://google.com')
109-
.expect(302,'<p>Found. Redirecting to<a href="http://google.com">http://google.com</a></p>',done)
109+
.expect(302,'<p>Found. Redirecting to http://google.com</p>',done)
110110
})
111111

112112
it('should escape the url',function(done){
@@ -122,9 +122,27 @@ describe('res', function(){
122122
.set('Accept','text/html')
123123
.expect('Content-Type',/html/)
124124
.expect('Location','%3Cla\'me%3E')
125-
.expect(302,'<p>Found. Redirecting to<a href="%3Cla&#39;me%3E">%3Cla&#39;me%3E</a></p>',done)
125+
.expect(302,'<p>Found. Redirecting to %3Cla&#39;me%3E</p>',done)
126126
})
127127

128+
it('should not render evil javascript links in anchor href (prevent XSS)',function(done){
129+
varapp=express();
130+
varxss='#"diff-71d08e453c986a86b96dcbb60125d64576700c40f2eb7f758ca2377dfefa0be4-127-131-0" data-selected="false" role="gridcell" tabindex="-1" valign="top">
131+
varencodedXss='#"diff-71d08e453c986a86b96dcbb60125d64576700c40f2eb7f758ca2377dfefa0be4-127-132-0" data-selected="false" role="gridcell" tabindex="-1" valign="top">
132+
133+
app.use(function(req,res){
134+
res.redirect(xss);
135+
});
136+
137+
request(app)
138+
.get('/')
139+
.set('Host','http://example.com')
140+
.set('Accept','text/html')
141+
.expect('Content-Type',/html/)
142+
.expect('Location',encodedXss)
143+
.expect(302,'<p>Found. Redirecting to '+encodedXss+'</p>',done);
144+
});
145+
128146
it('should include the redirect type',function(done){
129147
varapp=express();
130148

@@ -137,7 +155,7 @@ describe('res', function(){
137155
.set('Accept','text/html')
138156
.expect('Content-Type',/html/)
139157
.expect('Location','http://google.com')
140-
.expect(301,'<p>Moved Permanently. Redirecting to<a href="http://google.com">http://google.com</a></p>',done);
158+
.expect(301,'<p>Moved Permanently. Redirecting to http://google.com</p>',done);
141159
})
142160
})
143161
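Review bot: The new test at new line 139 sets `Host` to `'http://example.com'`, which is not a valid Host header value (a host never carries a scheme); it does not affect the assertions here since `res.redirect` does not read it, but it will mislead anyone copying the test. I would use `.set('Host','example.com')`. The `xss` and `encodedXss` declarations at new lines 130–131 are not legible in this rendering, so the Location and body expectations at 142–143 cannot be checked against a concrete value from this page. The enclosing `describe('res', ...)` block starts and ends outside this hunk.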
