7x31
/
nginxconfig.io
mirror of https://github.com/digitalocean/nginxconfig.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6 from gialpremium/111219-m-reflected-xss-fix 

K-111219: Reflected XSS на /web-tools/nginx-config-generator
This commit is contained in:
Aleksandr Gichkalov 2021-11-11 14:44:14 +04:00 committed by GitHub
parent d126616c8d 28c7cfc5ac
commit 6a7f743fb7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dist/js/app.js vendored
View File

File diff suppressed because one or more lines are too long

2
src/nginxconfig/generators/conf/letsencrypt.conf.js
View File

@ -29,7 +29,7 @@ export default global => {
config['# ACME-challenge'] = ''; config['# ACME-challenge'] = '';
config['location ^~ /.well-known/acme-challenge/'] = { config['location ^~ /.well-known/acme-challenge/'] = {
root: global.https.letsEncryptRoot.computed.replace(/\/+$/, ''), root: global.https.letsEncryptRoot.computed.replace(/(<.+>)|(\/+$)/, ''),
}; };
// Done! // Done!

1
src/nginxconfig/templates/domain_sections/server.vue
View File

@ -208,6 +208,7 @@ THE SOFTWARE.
watch: { watch: {
'$props.data.domain': { '$props.data.domain': {
handler(data) { handler(data) {
data.computed = data.computed.replace(/<.+>/, '');
// Ignore www. if given, enable WWW subdomain // Ignore www. if given, enable WWW subdomain
if (data.computed.startsWith('www.')) { if (data.computed.startsWith('www.')) {
data.computed = data.computed.slice(4); data.computed = data.computed.slice(4);