Where's My Fox Security Review: Difference between revisions

To serve its static content, the app does an ioutil.ReadFile("." + req.URL.Path) ... I see there is a check for ".." above that, but it still gives me the creeps. Is there no better way to do this? Also, are we totally sure that filtering on ".." is enough? Maybe that code should only work in development mode, while production mode uses a front-end proxy to service /static?
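One way to address the concern above, written as an added example rather than code from the Where's My Fox app or from this review: instead of string-matching on "..", join the request path onto the static root, let the path package normalise it, and then check that the result is still strictly beneath the root. The root directory "/srv/app/static", the ResolveStatic and StaticHandler names, and the assumption that the "/static" prefix has already been stripped from the request path are all choices made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a request would not resolve to a file
// strictly beneath the static root (parent references, the root itself, or
// a sibling directory that merely shares the root's name as a prefix).
var ErrOutsideRoot = errors.New("requested path does not name a file under the static root")

// ResolveStatic maps the path part of a /static request onto a filesystem
// path beneath root. Rather than searching the string for "..", it normalises
// the joined path and then checks containment, so every way of spelling a
// parent reference ends up covered by the same comparison.
// root is an absolute directory (assumed here to be "/srv/app/static") and
// urlPath is the request path with the "/static" prefix already stripped.
func ResolveStatic(root, urlPath string) (string, error) {
	if strings.ContainsRune(urlPath, 0) {
		return "", ErrOutsideRoot // NUL bytes can truncate paths in lower layers
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// Join runs Clean on its result, collapsing ".", ".." and repeated separators.
	full := filepath.Join(absRoot, filepath.FromSlash(urlPath))
	// Containment: the cleaned path must start with root plus a separator.
	// Comparing against absRoot alone would also accept "/srv/app/static-old".
	if !strings.HasPrefix(full, absRoot+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return full, nil
}

// StaticHandler serves files beneath root for requests already routed to it,
// e.g. http.Handle("/static/", http.StripPrefix("/static/", StaticHandler(root))).
func StaticHandler(root string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		p, err := ResolveStatic(root, r.URL.Path)
		if err != nil {
			http.NotFound(w, r) // do not echo the attempted path back to the client
			return
		}
		http.ServeFile(w, r, p)
	})
}

func main() {
	// Demonstration only: resolve a few request paths against the example root.
	for _, p := range []string{"/css/app.css", "/css/../app.css", "/../../etc/passwd"} {
		full, err := ResolveStatic("/srv/app/static", p)
		fmt.Printf("%-20s -> %q err=%v\n", p, full, err)
	}
}
```

The containment check is the part that matters: once the path has been cleaned, a request that climbs out of the root fails the prefix comparison no matter how the parent reference was written, and the handler answers 404 without revealing which path was tried. A symlink inside the root that points outside it is not caught by this path comparison; if that is a concern, resolve the final path with filepath.EvalSymlinks before serving, or keep the review's suggestion of only enabling this handler in development mode and letting a front-end proxy serve /static in production.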

==== Process Execution ====

Nope.

=== Templates ===