rene/PeerCortex
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(server): catch invalid URL in HTTP handler to prevent XSS-probe crashes

Browse Source 
new URL() throws ERR_INVALID_URL on malformed inputs like XSS probe
requests (e.g. //brusEYkk%22%3E%3Cscript%3E...). Uncaught exception
caused memory leak and process restarts. Return HTTP 400 instead.
This commit is contained in:
Rene Fichtmueller 2026-03-28 22:28:21 +08:00
parent 98b5cb1843
commit f8578a2176
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
server.js
View File

@ -967,8 +967,14 @@ const server = http.createServer(async (req, res) => {
return res.end(); return res.end();
} }
const url = new URL(req.url, "http://localhost"); let url, reqPath;
const reqPath = url.pathname; try {
url = new URL(req.url, "http://localhost");
reqPath = url.pathname;
} catch (_urlErr) {
res.writeHead(400);
return res.end("Bad Request");
}
// Serve static files // Serve static files
if (reqPath === "/" || reqPath === "/index.html") { if (reqPath === "/" || reqPath === "/index.html") {