Merge pull request #463 from korpd/fix-xss-parameter-style

Fix reflected XSS in 'style' parameter
Petr Sloup 2020-07-02 14:47:24 +02:00 committed by GitHub
commit 042b8b986a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -43,7 +43,7 @@ module.exports.getTileUrls = (req, domains, path, format, publicUrl, aliases) =>
queryParams.push(`key=${encodeURIComponent(req.query.key)}`); queryParams.push(`key=${encodeURIComponent(req.query.key)}`);
} }
if (req.query.style) { if (req.query.style) {
queryParams.push(`style=${req.query.style}`); queryParams.push(`style=${encodeURIComponent(req.query.style)}`);
} }
const query = queryParams.length > 0 ? (`?${queryParams.join('&')}`) : ''; const query = queryParams.length > 0 ? (`?${queryParams.join('&')}`) : '';
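Review bot: The `style` value is now encoded but still not type-checked: on the new `queryParams.push` line, `req.query.style` can be an array or an object when the parameter is repeated or written with brackets (assuming the usual Express query parser), and `encodeURIComponent` will stringify it into something like `a%2Cb` or `%5Bobject%20Object%5D`. That output is inert, so the reflected-XSS fix holds, but the generated tile URLs then carry a style name that cannot resolve. Guarding with `if (typeof req.query.style === 'string') {` would drop such input, and the same guard fits the `key` branch above. Encoding here covers the query-string context only; if the returned URLs are later written into HTML or a script block, that sink presumably needs its own output escaping, which this hunk does not show. `getTileUrls` starts and ends outside the hunk.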