hapijs / content Goto Github PK
View Code? Open in Web Editor NEWHTTP Content-* headers parsing
License: Other
HTTP Content-* headers parsing
License: Other
🚨 You need to enable Continuous Integration on Greenkeeper branches of this repository. 🚨
To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because it uses your CI build statuses to figure out when to notify you about breaking changes.
Since we didn’t receive a CI status on the greenkeeper/initial
branch, it’s possible that you don’t have CI set up yet.
We recommend using:
If you have already set up a CI for this repository, you might need to check how it’s configured. Make sure it is set to run on all new branches. If you don’t want it to run on absolutely every branch, you can whitelist branches starting with greenkeeper/
.
Once you have installed and configured CI on this repository correctly, you’ll need to re-trigger Greenkeeper’s initial pull request. To do this, please click the 'fix repo' button on account.greenkeeper.io.
I am currently using the following to type @hapi/content
. It would be nice if this module exported its own types. I d'ont have the time or resources to make a PR. Sorry about that.
// types.d.ts
declare module '@hapi/content' {
export type MutlipartContentType = {
mime: `multipart/${string}`
boundary: string
}
export type ContentType = {
mime: string
}
export function type(header: `multipart/${string}`): MutlipartContentType
export function type(header: string): ContentType | MutlipartContentType
export type ContentDisposition = {
name: string
} & { [_ in string]?: string }
/**
* @param header - The value of the Content-Disposition "form-data" header
*/
export function disposition(
header: string
): typeof header extends `inline${string}` | `attachment${string}` ? never : ContentDisposition
}
I got a vulnerability report from Snyk https://snyk.io/vuln/npm:content:20180305
The fix for me would be to upgrade to hapi 17 which atm is not an option. Since 16 is still LTS would porting the fix be an option?
I was trying to parse something like attachment; filename=1542796243.jpg
to get the filename, but it throws because of missing name
parameter.
Any suggestion?
Prevent passing multipart name
value as __proto__
for better security hygiene.
import hc from '@hapi/content';
let ret = hc.disposition(`attachment; filename="%E5%B0%8F%E8%AA%AA%E5%90%8D%E5%AD%97.epub"; filename*=UTF-8''%E5%B0%8F%E8%AA%AA%E5%90%8D%E5%AD%97.epub`);
console.log(ret)
This is not an issue as the parameter is just dropped but it is better to be explicit about it to send a message to the user.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.