mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-06 19:35:13 +02:00
9 lines
265 B
JavaScript
9 lines
265 B
JavaScript
|
// Baseline: tainted body flows through a non-parser string operation.
|
||
|
|
// No XML parser entry point, no XXE label classification.
|
||
|
|
function handle(req, res) {
|
||
|
|
const body = req.query.xml;
|
||
|
|
res.send("<wrap>" + body + "</wrap>");
|
||
|
|
}
|
||
|
|
|
||
|
|
module.exports = { handle };
|