ashatora/tileserver-gl
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

Fix reflected XSS in 'key' parameter. Fixes #461

Browse Source
This commit is contained in:
Daniel Korp
2020-07-02 09:30:33 +02:00
parent a5a8ae1e95
commit 10431d70d0
3 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/utils.js
View File

@@ -40,7 +40,7 @@ module.exports.getTileUrls = (req, domains, path, format, publicUrl, aliases) =>
const key = req.query.key;
const queryParams = [];
if (req.query.key) {
queryParams.push(`key=${req.query.key}`);
queryParams.push(`key=${encodeURIComponent(req.query.key)}`);
}
if (req.query.style) {
queryParams.push(`style=${req.query.style}`);