mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
13 lines
389 B
JavaScript
13 lines
389 B
JavaScript
// Phase 08 (Track J.6) — JavaScript HEADER_INJECTION benign control
|
|
// fixture.
|
|
//
|
|
// Same shape as `vuln.js` but URL-encodes the value first via
|
|
// `encodeURIComponent`, so CRLF bytes land as `%0D%0A` and the wire
|
|
// keeps a single header.
|
|
const http = require('http');
|
|
|
|
function run(res, value) {
|
|
res.setHeader('Set-Cookie', encodeURIComponent(value));
|
|
}
|
|
|
|
module.exports = { run };
|