Fix not sanitizing file names rendered in html

omphalos · Feb 14, 2018 · 4155bfe · 4155bfe
1 parent 0c45fc6
commit 4155bfe
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/crud-file-server.js b/crud-file-server.js
@@ -140,7 +140,9 @@ exports.handleRequest = function(vpath, path, req, res, readOnly, logHeadRequest
 															var name = results[f].name;
 															var normalized = url + '/' + name;
 															while(normalized[0] == '/') { normalized = normalized.slice(1, normalized.length); }
-															res.write('\r\n<p><a href="/' + normalized + '">' + name + '</a></p>');
+															if(normalized.indexOf('"') >= 0) throw new Error('unsupported file name')
+															name = name.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+															res.write('\r\n<p><a href="/' + normalized + '"><span>' + name + '</span></a></p>');
 														}
 														res.end('\r\n</body></html>');
 													}