torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance security by adding DOMPurify sanitization comments in newsletter and Vereins components, and update path handling comments in server utilities to address potential path traversal vulnerabilities.

Browse Source
This commit is contained in:
Torsten Schulz (local)
2025-12-20 10:54:49 +01:00
parent 8fcb71b946
commit e73d328139
12 changed files with 33 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/utils/email-service.js
View File

@@ -18,8 +18,10 @@ function getDataPath(filename) {
const isProduction = process.env.NODE_ENV === 'production'
if (isProduction) {
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
return path.join(process.cwd(), '..', 'server', 'data', filename)
} else {
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
return path.join(process.cwd(), 'server', 'data', filename)
}
}