Check the hostname value for legality to eliminate dirty data

2023-07-13 12:27:38 +08:00
parent 7bfbe26485
commit 35cf149876
1 changed files with 7 additions and 0 deletions
--- a/lib/session.ts
+++ b/lib/session.ts
@@ -30,6 +30,13 @@ export async function findSession(req: NextApiRequestCollect) {
  // Verify payload
  const { website: websiteId, hostname, screen, language } = payload;

+
+  // Check the hostname value for legality to eliminate dirty data
+  const validHostnameRegex = /^[\w-.]+$/;
+  if (!validHostnameRegex.test(hostname)) {
+    throw new Error('Invalid hostname.');
+  }
+
  if (!validate(websiteId)) {
    throw new Error('Invalid website ID.');
  }