Enhance security by adding DOMPurify comments in Vue components and updating path handling comments in server utilities to mitigate path traversal risks.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 46s
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 46s
This commit is contained in:
Torsten Schulz (local)
@@ -7,8 +7,10 @@ import { getUserFromToken } from '../../../utils/auth.js'
|
||||
const getDataPath = (filename) => {
|
||||
const cwd = process.cwd()
|
||||
if (cwd.endsWith('.output')) {
|
||||
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
|
||||
return path.join(cwd, '../server/data', filename)
|
||||
}
|
||||
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
|
||||
return path.join(cwd, 'server/data', filename)
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user