Friday, 21 April 2017

Node express resolve urls with ".." component

I'm using express in my node app to fulfill http requests:

app.get('/url/for/thing', function(req, res) {
    // .
    // .
    // glorious and beautiful code here
    // .
    // .
});

If I run my app on port 8000, and use my browser to navigate to my.ip.add.ress:8000/url/for/thing, then I see exactly the response I want - everything is working!

My issue is that some clients which I cannot control will be requesting the exact same response, but will be querying this sort of url instead: my.ip.add.ress:8000/url/for/haha/../thing

Filepath resolution should cause ../ to cancel out with haha/, but it seems that express is not doing this.

The component haha/ is variable - it could change to anything, so I cannot simply look to capture the literal urls that clients are requesting. To make matters worse, urls may require multiple applications of filepath resolution in order to work with my app. I should be able to respond to a request for my.ip.add.ress:8000/url/for/h/a/../h/a/../../../thing, for example. This makes me think that a regex solution is not viable.

How can I get my app to resolve requests for urls with the ../ component?



via Gershom Maes
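
One way to handle the request paths described in the question, as an added example that is not part of the original post: an Express-style middleware that removes `.` and `..` segments from `req.url` before routing, clamped at the root so `..` can never climb above `/`. The names `dotKind`, `removeDotSegments` and `normalizeUrl` are hypothetical, and the percent-encoded `%2e` handling goes beyond the case in the question.

```javascript
// Added example: hypothetical helper names; wiring shown for an Express app.

// Returns "." or ".." if the segment is a dot segment (also when written
// percent-encoded as %2e), otherwise null.
function dotKind(seg) {
  const plain = seg.replace(/%2e/gi, '.');
  return plain === '.' || plain === '..' ? plain : null;
}

// Remove dot segments from an absolute path, following RFC 3986 section 5.2.4.
// A ".." at the root is dropped, so the result never climbs above "/".
function removeDotSegments(path) {
  const segs = path.split('/').slice(1); // drop the empty piece before the leading "/"
  const out = [];
  for (const seg of segs) {
    const kind = dotKind(seg);
    if (kind === '..') out.pop();
    else if (kind === null) out.push(seg);
  }
  // A trailing "." or ".." names a directory: keep the trailing slash.
  if (dotKind(segs[segs.length - 1]) !== null) out.push('');
  return '/' + out.join('/');
}

// Express-style middleware: rewrite req.url before any route is matched.
// Only origin-form URLs (starting with "/") are touched; the query is kept as-is.
function normalizeUrl(req, res, next) {
  if (typeof req.url === 'string' && req.url.startsWith('/')) {
    const q = req.url.indexOf('?');
    const path = q === -1 ? req.url : req.url.slice(0, q);
    const query = q === -1 ? '' : req.url.slice(q);
    req.url = removeDotSegments(path) + query;
  }
  next();
}

// Wiring (assumes an existing Express `app`); register before the routes:
//   app.use(normalizeUrl);
//   app.get('/url/for/thing', handler);

// Constructed sample requests, including the two paths from the question.
for (const url of ['/url/for/haha/../thing',
                   '/url/for/h/a/../h/a/../../../thing',
                   '/../../url/for/%2E%2e/for/thing?x=../y']) {
  const req = { url };
  normalizeUrl(req, {}, () => {});
  console.log(url, '->', req.url);
}
```

Because the path is normalized before routing, every later handler sees the same canonical path, including any that map the URL onto the filesystem.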
