hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

prevent inline js payloads from executing in outgoing page

Browse Source
v1.18.x
Julian Lam 7 years ago
parent 67ba6bb820
commit 5863d64d27
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
src/controllers/index.js
Unescape Escape View File

@ -391,7 +391,7 @@ Controllers.manifest = function (req, res) {
Controllers.outgoing = function (req, res, next) { Controllers.outgoing = function (req, res, next) {
var url = req.query.url || ''; var url = req.query.url || '';
if (!url) { if (!url || url.startsWith('javascript:')) {
return next(); return next();
} }

Write Preview
Loading…
Cancel
Save