mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-06 19:35:13 +02:00
15 lines
416 B
JavaScript
15 lines
416 B
JavaScript
|
// Safe: req.query.lang routed through the project-local `stripCRLF` helper
|
||
|
|
// (a registered HEADER_INJECTION sanitizer) before the subscript-set, so
|
||
|
|
// taint-header-injection stays clean.
|
||
|
|
function stripCRLF(raw) {
|
||
|
|
return raw.replace(/[\r\n]/g, '');
|
||
|
|
}
|
||
|
|
|
||
|
|
function handler(req, res) {
|
||
|
|
const lang = req.query.lang;
|
||
|
|
res.headers["X-Forwarded-By"] = stripCRLF(lang);
|
||
|
|
res.end();
|
||
|
|
}
|
||
|
|
|
||
|
|
module.exports = handler;
|