apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-06 19:35:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/fixtures/header_injection/javascript/unsafe_set_header.js
Eli Peter 7d0e7320e2
new capacity bits (#67)
2026-05-07 01:29:31 -04:00

9 lines
264 B
JavaScript
Raw Blame History

// Unsafe: Express `res.setHeader` receives a value built from req.query.
// HEADER_INJECTION fires on the value argument.
function handler(req, res) {
const lang = req.query.lang;
res.setHeader('X-Lang', lang);
res.end();
}
module.exports = handler;
Reference in a new issue View git blame Copy permalink