Diffstat (limited to 'src/server/HttpServer.hx')
-rw-r--r--src/server/HttpServer.hx14
1 files changed, 12 insertions, 2 deletions
diff --git a/src/server/HttpServer.hx b/src/server/HttpServer.hx
index c4853ee..7f257a4 100644
--- a/src/server/HttpServer.hx
+++ b/src/server/HttpServer.hx
@@ -50,7 +50,7 @@ class HttpServer {
}
public static function serveFiles(req:IncomingMessage, res:ServerResponse):Void {
- var url = decodeURI(req.url);
+ var url = safeDecodeURI(req.url);
if (url == "/") url = "/index.html";
var filePath = dir + url;
final ext = Path.extension(filePath).toLowerCase();
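Review bot: `var filePath = dir + url;` still builds the path by plain concatenation of the decoded request URL, and nothing in this hunk confirms that the result stays under `dir`. Stripping control characters does not remove `..` segments, so containment has to be checked separately. The rest of serveFiles lies outside this hunk; if it does not already do so, normalise first with `final filePath = Path.normalize(dir + url);` and answer 403 unless `StringTools.startsWith(filePath, Path.addTrailingSlash(Path.normalize(dir)))` holds. A short comment on the `safeDecodeURI` call saying that it sanitises characters only, not path structure, would keep later readers from over-trusting the name.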
@@ -183,7 +183,7 @@ class HttpServer {
fn:(req:IncomingMessage) -> Bool
):Null<ClientRequest> {
final url = try {
- new URL(decodeURI(url));
+ new URL(safeDecodeURI(url));
} catch (e) return null;
if (url.host == req.headers["host"]) return null;
final options = {
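Review bot: A URL with a malformed percent-escape used to make this function return null, because `decodeURI` threw inside the `try`. Now that `safeDecodeURI` swallows that error, the undecoded string reaches `new URL(...)`, which will usually accept it, so the request proceeds where it was previously refused. If the rejection was intended, keep it explicit, for example by stripping after the original call: `new URL(ctrlCharacters.replace(decodeURI(url), ""));`. The `url.host == req.headers["host"]` check on the next line also runs on the decoded-then-parsed form, so a comment stating which form is meant to be compared would help. The enclosing function starts and ends outside this hunk.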
@@ -216,6 +216,16 @@ class HttpServer {
return contentType;
}
+ static final ctrlCharacters = ~/[\u0000-\u001F\u007F-\u009F\u2000-\u200D\uFEFF]/g;
+
+ static function safeDecodeURI(data:String):String {
+ try {
+ data = decodeURI(data);
+ } catch (err) {}
+ data = ctrlCharacters.replace(data, "");
+ return data;
+ }
+
static inline function decodeURI(data:String):String {
return js.Syntax.code("decodeURI({0})", data);
}
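Review bot: `safeDecodeURI` deletes matching characters after decoding, which can join the text on either side into a sequence that was never in the request (a path segment, for instance), and the empty `catch (err) {}` silently returns the still-encoded input. Rejecting is safer than repairing: return `Null<String>`, use `if (ctrlCharacters.match(data)) return null;`, and have both callers treat null as a bad request. If stripping is kept, add a doc comment on `ctrlCharacters` naming what the ranges are meant to cover. As written, `\u2000-\u200D` includes ordinary typographic spaces while U+2028/U+2029 and the bidirectional controls U+200E, U+200F and U+202A–U+202E are left in, and it is not clear whether that is deliberate. The catch also needs a one-line comment, such as `// malformed escape: fall through with the raw string`, so the fallback reads as intentional.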