Merge pull request #1372 from FlowiseAI/bugfix/XSS-array-query

Bugfix/Sanitized &amp
2023-12-12 16:46:35 +00:00 · 2023-12-12 16:46:35 +00:00 · 6dc7508968
parent dd5034e6a4 8e1ef2d533
commit 6dc7508968
1 changed files with 2 additions and 2 deletions
--- a/packages/server/src/index.ts
+++ b/packages/server/src/index.ts
@ -200,7 +200,7 @@ export class App {

        // Get component credential via name
        this.app.get('/api/v1/components-credentials/:name', (req: Request, res: Response) => {
-            if (!req.params.name.includes('&')) {
+            if (!req.params.name.includes('&amp;')) {
                if (Object.prototype.hasOwnProperty.call(this.nodesPool.componentCredentials, req.params.name)) {
                    return res.json(this.nodesPool.componentCredentials[req.params.name])
                } else {
@ -208,7 +208,7 @@ export class App {
                }
            } else {
                const returnResponse = []
-                for (const name of req.params.name.split('&')) {
+                for (const name of req.params.name.split('&amp;')) {
                    if (Object.prototype.hasOwnProperty.call(this.nodesPool.componentCredentials, name)) {
                        returnResponse.push(this.nodesPool.componentCredentials[name])
                    } else {