1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-06 09:20:43 +01:00

clean api url paths from directory traversal (#539)

This commit is contained in:
Kyle Spearrin 2021-11-09 15:37:58 -05:00 committed by GitHub
parent c4fb4a35ab
commit ea29f580a5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1616,6 +1616,9 @@ export class ApiService implements ApiServiceAbstraction {
headers.set('User-Agent', this.customUserAgent);
}
// Clean path from directory traversal
path = path.split('../').join('');
const requestInit: RequestInit = {
cache: 'no-store',
credentials: this.getCredentials(),