mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
14 lines
528 B
JavaScript
14 lines
528 B
JavaScript
// Safe: tainted XML reaches xml2js.parseString with default options.
|
|
// xml2js does not expand external entities unless explicitly configured;
|
|
// the gate's dangerous_kwargs list (`processEntities`/`explicitEntities`/
|
|
// `strict`) is empty in the literal, so the gate suppresses the finding.
|
|
const xml2js = require("xml2js");
|
|
|
|
function handle(req, res) {
|
|
const body = req.query.xml;
|
|
xml2js.parseString(body, { explicitArray: false }, (err, result) => {
|
|
res.json(result);
|
|
});
|
|
}
|
|
|
|
module.exports = { handle };
|