问题
I want everything in a directory called public to be allowed to be served. What I have is:
let uri = require('url').parse(req.url).pathname;
let filePath = `${publicDir}/${uri}`;
// then simply check if the file exists.
Is the pathname property on the object returned by url.parse protected against injection attacks? I don't know what they would all be. But for example attacks like mysite.com/../../users/.
来源:https://stackoverflow.com/questions/47481784/does-url-parse-protect-against-in-a-url