Fixed redirect loops related to URL sanitizer
parent
47a793b958
commit
bd475a2e8e
3 changed files with 14 additions and 7 deletions
|
@ -3,7 +3,7 @@
|
||||||
"port": 80,
|
"port": 80,
|
||||||
"pubport": 80,
|
"pubport": 80,
|
||||||
"page404": "404.html",
|
"page404": "404.html",
|
||||||
"timestamp": 1692387275306,
|
"timestamp": 1692388365140,
|
||||||
"blacklist": [],
|
"blacklist": [],
|
||||||
"nonStandardCodes": [],
|
"nonStandardCodes": [],
|
||||||
"enableCompression": true,
|
"enableCompression": true,
|
||||||
|
|
15
svr.js
Executable file → Normal file
15
svr.js
Executable file → Normal file
|
@ -1077,7 +1077,12 @@ function sanitizeURL(resource) {
|
||||||
// Decode URL-encoded characters while preserving certain characters
|
// Decode URL-encoded characters while preserving certain characters
|
||||||
resource = resource.replace(/%([0-9a-f]{2})/gi, function (match, hex) {
|
resource = resource.replace(/%([0-9a-f]{2})/gi, function (match, hex) {
|
||||||
var decodedChar = String.fromCharCode(parseInt(hex, 16));
|
var decodedChar = String.fromCharCode(parseInt(hex, 16));
|
||||||
return /(?![;?:@&=+$,#%])[!-~]/.test(decodedChar) ? decodedChar : "%" + hex;
|
return /(?!["<>^`{|}?#%])[!-~]/.test(decodedChar) ? decodedChar : "%" + hex;
|
||||||
|
});
|
||||||
|
// Encode certain characters
|
||||||
|
resource = resource.replace(/[<>^`{|}]]/g, function (character) {
|
||||||
|
var charCode = character.charCodeAt(0);
|
||||||
|
return "%" + (charcode < 16 ? "0" : "") + charCode.toString(16).toUpperCase();
|
||||||
});
|
});
|
||||||
var sanitizedResource = resource;
|
var sanitizedResource = resource;
|
||||||
// Ensure the resource starts with a slash
|
// Ensure the resource starts with a slash
|
||||||
|
@ -1096,14 +1101,16 @@ function sanitizeURL(resource) {
|
||||||
|
|
||||||
function fixNodeMojibakeURL(string) {
|
function fixNodeMojibakeURL(string) {
|
||||||
var encoded = "";
|
var encoded = "";
|
||||||
Buffer.from(string, "latin1").forEach(function(value) {
|
Buffer.from(string, "latin1").forEach(function (value) {
|
||||||
if(value > 127) {
|
if(value > 127) {
|
||||||
encoded += "%" + (value < 16 ? "0" : "") + value.toString(16).toUpperCase();
|
encoded += "%" + (value < 16 ? "0" : "") + value.toString(16).toUpperCase();
|
||||||
} else {
|
} else {
|
||||||
encoded += String.fromCodePoint(value)
|
encoded += String.fromCodePoint(value);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
return encoded;
|
return encoded.replace(/%[0-9a-f-A-F]{2}/g, function (match) {
|
||||||
|
return match.toUpperCase();
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
var key = "";
|
var key = "";
|
||||||
|
|
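Review bot: The new "Encode certain characters" step in sanitizeURL does not do what its comment says: the pattern ``/[<>^`{|}]]/g`` has a stray `]`, so it only matches one of those characters when a literal `]` follows it, and in that case the callback throws a ReferenceError because it reads `charcode` while the variable is declared as `charCode`. As written, raw `<`, `>`, `^`, `` ` ``, `{`, `|` and `}` leave the sanitizer unencoded, and a request path can raise an exception inside it; whether that exception is caught is not visible here, because sanitizeURL starts and ends outside the hunk. I would change the two lines to ``resource = resource.replace(/[<>^`{|}]/g, function (character) {`` and `return "%" + (charCode < 16 ? "0" : "") + charCode.toString(16).toUpperCase();`. If the class is meant to mirror the characters the decode step above keeps encoded, `"` belongs in it as well, since a raw `"` is currently passed through. In the second hunk, ``/%[0-9a-f-A-F]{2}/g`` in fixNodeMojibakeURL admits a literal `-` in the class; `/%[0-9a-f]{2}/gi` is the stricter form.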
|
@ -1 +1 @@
|
||||||
3
|
6
|