Skip to content
This repository has been archived by the owner on May 4, 2020. It is now read-only.

Make sure that nobody can "hack" the path parameter when browsing docs #31

Open
everzet opened this issue Jan 11, 2015 · 2 comments
Open

Make sure that nobody can "hack" the path parameter when browsing docs #31

everzet opened this issue Jan 11, 2015 · 2 comments
Labels
help wanted question
Milestone
go public

Comments

@everzet
Copy link
Member

everzet commented Jan 11, 2015

Our path requirement in documentation routes is currently path: '.*\.html'. I'm not sure it's very secure, but I can't think of any hacks people can apply there. Feel free to chime in and slap me in the face with some possible way to hack it, so we can patch it before going live.
@stof
Copy link
Member

stof commented Jan 12, 2015

this is OK IMO (once we solve #24 to avoid conflicts between the extensions doc and the behat doc)

@stof
Copy link
Member

stof commented May 21, 2015

hmm, we should forbid people to send something like .. in the path to go outside the doc though

@everzet everzet added this to the go public milestone Aug 4, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
help wanted question
Projects
None yet
Milestone
go public
Development

No branches or pull requests
2 participants
@everzet @stof