From c792e3279f04fc3a3a2969dc6ef41fb24cc7ea05 Mon Sep 17 00:00:00 2001 From: Daniel Date: Fri, 13 Sep 2024 09:00:59 -0400 Subject: [PATCH] =?UTF-8?q?=F0=9F=8D=AA=20fix:=20input=20validation=20for?= =?UTF-8?q?=20`lang`=20cookie=20(#4024)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: DanielAlt --- api/server/index.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/api/server/index.js b/api/server/index.js index 8c4d3250f8..3bc0a05003 100644 --- a/api/server/index.js +++ b/api/server/index.js @@ -114,7 +114,8 @@ const startServer = async () => { app.use((req, res) => { // Replace lang attribute in index.html with lang from cookies or accept-language header const lang = req.cookies.lang || req.headers['accept-language']?.split(',')[0] || 'en-US'; - const updatedIndexHtml = indexHTML.replace(/lang="en-US"/g, `lang="${lang}"`); + const saneLang = lang.replace(/"/g, '"'); // sanitize untrusted user input + const updatedIndexHtml = indexHTML.replace(/lang="en-US"/g, `lang="${saneLang}"`); res.send(updatedIndexHtml); });