-
Notifications
You must be signed in to change notification settings - Fork 85
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Should the path be normalized? #51
Comments
I'm on Windows and I get the same error with all requests because |
test with path.parse('/a/b') {root: '/', ...} |
@Pumpuli I think your problem is koajs/static#77 ? |
Yep, seems to be a Node issue, works on Node 5.6.0. |
@coderhaoxin
returns
I suggest use |
@zbinlin I saw your PR to node, |
@coderhaoxin right, but I also suggest that use |
@zbinlin why so? shouldn't we use path#parse and let Node determine how to resolve the path dependent on the environment. |
@tejasmanohar I think the path is usually unix path(or url path), so we can only remove first forward slash of the path use |
Yeah, I think the point is that |
I'm using
koa-send
in my Koa server and I have the problem that I getMalicious Path
fromresolve-path
when the request path is something along the lines ofhttp://localhost:3000//some/path/image.jpg
.Would it be a bad idea to
path.normalize
the path inkoa-send
before processing it further? This could for instance be done here https://github.com/koajs/send/blob/master/index.js#L46 before doingsubstring
on the path.The text was updated successfully, but these errors were encountered: