Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-17 17:00:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

🍪 fix: input validation for lang cookie (#4024)

Browse source 
Co-authored-by: DanielAlt <daniel.altenburg@proton.me>
This commit is contained in:
Daniel 2024-09-13 09:00:59 -04:00 committed by GitHub
parent 4ef5ae6f71
commit c792e3279f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
api/server/index.js
View file

@ -114,7 +114,8 @@ const startServer = async () => {
app.use((req, res) => { app.use((req, res) => {
// Replace lang attribute in index.html with lang from cookies or accept-language header // Replace lang attribute in index.html with lang from cookies or accept-language header
const lang = req.cookies.lang || req.headers['accept-language']?.split(',')[0] || 'en-US'; const lang = req.cookies.lang || req.headers['accept-language']?.split(',')[0] || 'en-US';
const updatedIndexHtml = indexHTML.replace(/lang="en-US"/g, `lang="${lang}"`); const saneLang = lang.replace(/"/g, '&quot;'); // sanitize untrusted user input
const updatedIndexHtml = indexHTML.replace(/lang="en-US"/g, `lang="${saneLang}"`);
res.send(updatedIndexHtml); res.send(updatedIndexHtml);
}); });