1
0
Fork 0
forked from svrjs/svrjs

Fixed redirect loops related to URL sanitizer

This commit is contained in:
Dorian Niemiec 2023-08-18 21:54:58 +02:00
parent 47a793b958
commit bd475a2e8e
3 changed files with 14 additions and 7 deletions

View file

@ -3,7 +3,7 @@
"port": 80, "port": 80,
"pubport": 80, "pubport": 80,
"page404": "404.html", "page404": "404.html",
"timestamp": 1692387275306, "timestamp": 1692388365140,
"blacklist": [], "blacklist": [],
"nonStandardCodes": [], "nonStandardCodes": [],
"enableCompression": true, "enableCompression": true,

13
svr.js Executable file → Normal file
View file

@ -1077,7 +1077,12 @@ function sanitizeURL(resource) {
// Decode URL-encoded characters while preserving certain characters // Decode URL-encoded characters while preserving certain characters
resource = resource.replace(/%([0-9a-f]{2})/gi, function (match, hex) { resource = resource.replace(/%([0-9a-f]{2})/gi, function (match, hex) {
var decodedChar = String.fromCharCode(parseInt(hex, 16)); var decodedChar = String.fromCharCode(parseInt(hex, 16));
return /(?![;?:@&=+$,#%])[!-~]/.test(decodedChar) ? decodedChar : "%" + hex; return /(?!["<>^`{|}?#%])[!-~]/.test(decodedChar) ? decodedChar : "%" + hex;
});
// Encode certain characters
resource = resource.replace(/[<>^`{|}]]/g, function (character) {
var charCode = character.charCodeAt(0);
return "%" + (charcode < 16 ? "0" : "") + charCode.toString(16).toUpperCase();
}); });
var sanitizedResource = resource; var sanitizedResource = resource;
// Ensure the resource starts with a slash // Ensure the resource starts with a slash
@ -1100,10 +1105,12 @@ function fixNodeMojibakeURL(string) {
if(value > 127) { if(value > 127) {
encoded += "%" + (value < 16 ? "0" : "") + value.toString(16).toUpperCase(); encoded += "%" + (value < 16 ? "0" : "") + value.toString(16).toUpperCase();
} else { } else {
encoded += String.fromCodePoint(value) encoded += String.fromCodePoint(value);
} }
}); });
return encoded; return encoded.replace(/%[0-9a-f-A-F]{2}/g, function (match) {
return match.toUpperCase();
});
} }
var key = ""; var key = "";

View file

@ -1 +1 @@
3 6