ashatora/tileserver-gl
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

Fix reflected XSS in 'key' parameter. Fixes #461

Browse Source
This commit is contained in:
Daniel Korp
2020-07-02 09:30:33 +02:00
parent a5a8ae1e95
commit 10431d70d0
3 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/serve_style.js
View File

@@ -17,7 +17,7 @@ const fixUrl = (req, url, publicUrl, opt_nokey) => {
}
const queryParams = [];
if (!opt_nokey && req.query.key) {
queryParams.unshift(`key=${req.query.key}`);
queryParams.unshift(`key=${encodeURIComponent(req.query.key)}`);
}
let query = '';
if (queryParams.length) {