mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
12 lines
344 B
JavaScript
12 lines
344 B
JavaScript
// Unsafe: tainted XML reaches xml2js.parseString with `processEntities: true`,
|
|
// activating the XXE gate.
|
|
const xml2js = require("xml2js");
|
|
|
|
function handle(req, res) {
|
|
const body = req.query.xml;
|
|
xml2js.parseString(body, { processEntities: true }, (err, result) => {
|
|
res.json(result);
|
|
});
|
|
}
|
|
|
|
module.exports = { handle };
|