Commit a0aef26
fix(ssr): Improve URL sanitization and routing in serve.js for SSR
- Enhance `sanitizeUrl` function to comprehensively handle nested encodings, control characters, query parameters, hash fragments, and path traversal.
- Add iterative decoding in `sanitizeUrl` to support URLs with multiple encoding layers.
- Normalize URLs by stripping extraneous characters, collapsing redundant slashes, ensuring a leading slash, and conditionally removing trailing slashes.
- Implement `createMatchPathMiddleware` with modularized helpers:
  - `sanitizeUrl`: Cleans and normalizes URL paths.
  - `findMatchPath`: Safely finds a matching path with error handling.
  - `logMatch`: Logs match details if logging is enabled.
  - `handleError`: Centralized error handler for consistent logging and responses.
- Add caching for URL matches to improve performance.
- Add informative logs for matched paths, request durations, and errors.
- Ensure compatibility with various URL structures and improve security against path traversal vulnerabilities.
- Improve maintainability by breaking down the code into modular, reusable functions.

This commit addresses [Issue #39010](#39010) and enhances SSR handling for encoded URLs, improving both performance and robustness in the `serve.js` middleware.

1 parent 186553b, commit a0aef26

1 file changed, +186 -353 lines changed
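
A sketch of the sanitization steps the commit message lists (query and hash stripping, bounded iterative decoding, control-character handling, slash collapsing, traversal check), added here as an illustration; it is not the code from commit a0aef26. The name `sanitizeUrlSketch`, the `MAX_DECODE_PASSES` bound and the choice to reject by returning `null` instead of stripping are assumptions.

```javascript
// Added example, not the serve.js code from the commit.
// Assumed bound: stops unbounded work on deeply nested encodings.
const MAX_DECODE_PASSES = 5;

// Returns a normalized path such as "/blog/post", or null when the input
// must be rejected (malformed encoding, control characters, traversal).
function sanitizeUrlSketch(rawUrl) {
  // Only the path is used for matching: drop query string and hash fragment.
  let path = String(rawUrl).split(/[?#]/, 1)[0];

  // Decode repeatedly until the value stops changing, so "%252e%252e"
  // is seen as ".." before the traversal check runs, not after it.
  let stable = false;
  for (let pass = 0; pass < MAX_DECODE_PASSES; pass++) {
    let decoded;
    try {
      decoded = decodeURIComponent(path);
    } catch {
      return null; // malformed percent-encoding (URIError)
    }
    if (decoded === path) {
      stable = true;
      break;
    }
    path = decoded;
  }
  if (!stable) return null; // still encoded after the bound: fail closed

  // Reject control characters (NUL, CR, LF, DEL, ...) and backslashes
  // instead of silently stripping them (an assumption of this sketch).
  if (/[\u0000-\u001f\u007f\\]/.test(path)) return null;

  // Splitting on "/" and dropping empty and "." segments collapses
  // redundant slashes and removes any trailing slash in one step.
  const segments = path.split('/').filter((s) => s !== '' && s !== '.');

  // Any ".." segment left after full decoding is a traversal attempt.
  if (segments.includes('..')) return null;

  // Always emit a single leading slash; the root stays "/".
  return '/' + segments.join('/');
}
```

Because `decodeURIComponent` also turns `%2F` into `/`, this sketch treats encoded slashes as path separators before the traversal check.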