✨ (CodeQL) Sanitize URL Host with Allowlist
pixeebot-test[bot] authored Jul 21, 2024
1 parent bc9cef1 commit a2a77a4
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion routes/updateUserProfile.ts
@@ -21,7 +21,7 @@ module.exports = function updateUserProfile () {
if (user != null) {
challengeUtils.solveIf(challenges.csrfChallenge, () => {
return ((req.headers.origin?.includes('://htmledit.squarefree.com')) ??
(req.headers.referer?.includes('://htmledit.squarefree.com'))) &&
(new URL(req.headers.referer).hostname === 'htmledit.squarefree.com')) &&
req.body.username !== user.username
})
void user.update({ username: req.body.username }).then((savedUser: UserModel) => {
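Review bot: The referer side (taking the `new URL(...)` line as the new one, since the rendering lost its +/- markers) calls `new URL(req.headers.referer)` unguarded, so a request with no Origin header and a missing or malformed Referer makes the constructor throw where the old `?.includes` just yielded undefined. The Origin side still uses the substring test `includes('://htmledit.squarefree.com')`, which a longer host such as `htmledit.squarefree.com.example.net` also satisfies, so the exact-host comparison covers only one of the two client-supplied headers. I would route both through one guarded parser, `const hostOf = (v?: string) => { try { return v ? new URL(v).hostname : undefined } catch { return undefined } }`, and compare `(hostOf(req.headers.origin) ?? hostOf(req.headers.referer)) === 'htmledit.squarefree.com'`. The enclosing handler starts and ends outside this hunk, so whether a throw here is caught further up is not visible.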