angular-cn

Commit Graph

Author	SHA1	Message	Date
Martin Probst	d498314850	fix(zone.js): a path traversal attack in test (#32392 ) `simple-server.js` is vulnerable to a trivial path traversal attack, i.e. an attacker can supply a path like `../../etc/passwd` to read arbitrary files on the server. This change fixes the issue by properly resolving the path, and then only serving files under the current directory (as intended). This is not really a security issue, given the code is not part of Angular, but rather just testing infrastructure for Angular itself, and the CI servers are not expected to contain confidential information, but still worth fixing for code hygiene. PR Close #32392	2019-08-30 12:44:46 -07:00
JiaLiPassion	5eb7426216	build: move zone.js to angular repo (#30962 ) PR Close #30962	2019-06-20 11:27:39 -07:00

Author

SHA1

Message

Date

Martin Probst

d498314850

fix(zone.js): a path traversal attack in test (#32392 )

`simple-server.js` is vulnerable to a trivial path traversal attack, i.e. an
attacker can supply a path like `../../etc/passwd` to read arbitrary files on
the server. This change fixes the issue by properly resolving the path, and then
only serving files under the current directory (as intended).

This is not really a security issue, given the code is not part of Angular, but
rather just testing infrastructure for Angular itself, and the CI servers are
not expected to contain confidential information, but still worth fixing for
code hygiene.

PR Close #32392

2019-08-30 12:44:46 -07:00

JiaLiPassion

5eb7426216

build: move zone.js to angular repo (#30962 )

PR Close #30962

2019-06-20 11:27:39 -07:00

2 Commits