mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-06 19:35:13 +02:00
13 lines
423 B
JavaScript
13 lines
423 B
JavaScript
// Safe-template-var: nunjucks.renderString gets a *constant* template
|
|
// source; only the data context (arg 1) carries user input. Per the
|
|
// gated SSTI classifier (payload_args=[0]), this must NOT fire.
|
|
const nunjucks = require('nunjucks');
|
|
|
|
function handler(req, res) {
|
|
const html = nunjucks.renderString('Hello, {{ name }}', {
|
|
name: req.query.name,
|
|
});
|
|
res.send(html);
|
|
}
|
|
|
|
module.exports = handler;
|