Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-29 18:16:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

prevent inline js payloads from executing in outgoing page

Browse Source
This commit is contained in:
Julian Lam
2017-10-10 11:34:04 -04:00
parent 67ba6bb820
commit 5863d64d27
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/controllers/index.js
View File

@@ -391,7 +391,7 @@ Controllers.manifest = function (req, res) {
Controllers.outgoing = function (req, res, next) {
var url = req.query.url || '';
if (!url) {
if (!url || url.startsWith('javascript:')) {
return next();
}