ashatora/tileserver-gl
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

Fix reflected XSS in 'style' parameter

Browse Source
This commit is contained in:
Daniel Korp
2020-07-02 10:28:25 +02:00
parent f8563e1f2b
commit 038bfe29d6
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/utils.js
View File

@@ -43,7 +43,7 @@ module.exports.getTileUrls = (req, domains, path, format, publicUrl, aliases) =>
queryParams.push(`key=${encodeURIComponent(req.query.key)}`);
}
if (req.query.style) {
queryParams.push(`style=${req.query.style}`);
queryParams.push(`style=${encodeURIComponent(req.query.style)}`);
}
const query = queryParams.length > 0 ? (`?${queryParams.join('&')}`) : '';