Platform independent path validation
This commit is contained in:
parent
1f846bd5fe
commit
6615e2788a
@ -7,9 +7,9 @@ function safePath(basePath: string, name: string): boolean {
|
|||||||
return (
|
return (
|
||||||
!!relative &&
|
!!relative &&
|
||||||
// does move out of `basePath`
|
// does move out of `basePath`
|
||||||
!relative.startsWith('..') &&
|
!relative.startsWith(`..${path.sep}`) &&
|
||||||
// exactly one layer deep, e.g. no `./uplodas/foo/bar`
|
// exactly one layer deep, e.g. no `./uplodas/foo/bar`
|
||||||
!relative.includes('/') &&
|
!relative.includes(path.sep) &&
|
||||||
// result is not an absolute path
|
// result is not an absolute path
|
||||||
!path.isAbsolute(relative)
|
!path.isAbsolute(relative)
|
||||||
);
|
);
|
||||||
|
Reference in New Issue
Block a user