mirror of
https://github.com/bitwarden/browser.git
synced 2024-11-06 09:20:43 +01:00
clean api url paths from directory traversal (#539)
This commit is contained in:
parent
c4fb4a35ab
commit
ea29f580a5
@ -1616,6 +1616,9 @@ export class ApiService implements ApiServiceAbstraction {
|
||||
headers.set('User-Agent', this.customUserAgent);
|
||||
}
|
||||
|
||||
// Clean path from directory traversal
|
||||
path = path.split('../').join('');
|
||||
|
||||
const requestInit: RequestInit = {
|
||||
cache: 'no-store',
|
||||
credentials: this.getCredentials(),
|
||||
|
Loading…
Reference in New Issue
Block a user