You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The FilePart of MultipartFormData just uses the raw filename provided by the client. While this API is technically correct, it is very easy to mistakenly use the filename in unsafe places, such as in a path to write to a file on the system. This leaves users open to directory traversal attacks.
Instead of a filename method that returns the filename, we could perhaps have an unsafeFilename method and a sanitizedFilename method, and deprecate the existing filename method. The sanitized version could simply remove any other path components besides the actual file name, which is totally fine since the spec says the filename is only a suggested name.
The text was updated successfully, but these errors were encountered:
The
FilePart
ofMultipartFormData
just uses the rawfilename
provided by the client. While this API is technically correct, it is very easy to mistakenly use the filename in unsafe places, such as in a path to write to a file on the system. This leaves users open to directory traversal attacks.Instead of a
filename
method that returns the filename, we could perhaps have anunsafeFilename
method and asanitizedFilename
method, and deprecate the existingfilename
method. The sanitized version could simply remove any other path components besides the actual file name, which is totally fine since the spec says thefilename
is only a suggested name.The text was updated successfully, but these errors were encountered: