-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathindex.js
More file actions
41 lines (36 loc) · 727 Bytes
/
index.js
File metadata and controls
41 lines (36 loc) · 727 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
export const unsafeFilenameFixtures = Object.freeze([
'',
' ',
'.',
'..',
' .',
'. ',
' ..',
'.. ',
'../',
'../foo',
'foo/../bar',
'foo/bar',
'foo\\bar',
'foo\0bar',
]);
export default function isSafeFilename(filename) {
if (typeof filename !== 'string') {
return false;
}
const trimmed = filename.trim();
return trimmed !== ''
&& trimmed !== '.'
&& trimmed !== '..'
&& !filename.includes('/')
&& !filename.includes('\\')
&& !filename.includes('\0');
}
export function assertSafeFilename(filename) {
if (typeof filename !== 'string') {
throw new TypeError('Expected a string');
}
if (!isSafeFilename(filename)) {
throw new Error(`Unsafe filename: ${JSON.stringify(filename)}`);
}
}