add some XSS / path traversal validation

2022-02-07 12:28:38 +01:00
parent 74c8cb555d
commit 592acbdb19
4 changed files with 13 additions and 7 deletions
--- a/server/api/controller/setup.js
+++ b/server/api/controller/setup.js
@@ -5,6 +5,7 @@ const db = require('../models/index.js')
 const config = require('../../config')
 const settingsController = require('./settings')
 const path = require('path')
+const escape = require('lodash/escape')

 const setupController = {

@@ -88,7 +89,7 @@ const setupController = {

      } catch (e) {
        log.error(String(e))
-        return res.status(400).send(String(e))
+        return res.status(400).send(escape(String(e)))
      }
    }