mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-06 19:35:13 +02:00
8 lines
265 B
JavaScript
8 lines
265 B
JavaScript
// Baseline: tainted body flows through a non-parser string operation.
|
|
// No XML parser entry point, no XXE label classification.
|
|
function handle(req, res) {
|
|
const body = req.query.xml;
|
|
res.send("<wrap>" + body + "</wrap>");
|
|
}
|
|
|
|
module.exports = { handle };
|