gm5
/
request
1
0
Fork 0
Code Issues Pull Requests Wiki Activity

优化无效url的处理

v1
宇天 2020-09-23 17:43:13 +08:00
parent 4ca31abbbb
commit 81ddb02afc
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
index.js
View File

@ -12,6 +12,8 @@ import URL from 'url'
import QS from 'querystring' import QS from 'querystring'
const tmpdir = process.cwd() + '/.tmp/' const tmpdir = process.cwd() + '/.tmp/'
const encode = encodeURIComponent
const decode = decodeURIComponent
function hideProperty(host, name, value) { function hideProperty(host, name, value) {
Object.defineProperty(host, name, { Object.defineProperty(host, name, {
@ -56,13 +58,15 @@ export default class Request {
let pathArr = [] let pathArr = []
let tmpArr = [] let tmpArr = []
_url = decode(_url)
// URL上不允许有非法字符 // URL上不允许有非法字符
if (/[^\w\-\/\.]/.test(_url)) { if (/[^\w\-\/\.]/.test(_url)) {
this.origin.res.rendered = true this.origin.res.rendered = true
this.origin.res.writeHead(400, { this.origin.res.writeHead(400, {
'X-debug': 'url[' + _url + '] contains illegal characters' 'X-debug': `url [/${encode(_url)}] contains invalid characters`
}) })
return this.origin.res.end('') return this.origin.res.end(`Invalid characters: /${_url}`)
} }
// 修正url中可能出现的"多斜杠" // 修正url中可能出现的"多斜杠"

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "@gm5/request", "name": "@gm5/request",
"version": "1.2.0", "version": "1.2.1",
"description": "对Http的request进一步封装, 提供常用的API", "description": "对Http的request进一步封装, 提供常用的API",
"main": "index.js", "main": "index.js",
"author": "yutent", "author": "yutent",