Stuk / jszip

Create, read and edit .zip files with Javascript
https://stuk.github.io/jszip/

Sanitize loaded filenames #884

Open kant2002 opened 1 year ago

kant2002 commented 1 year ago

Backport of https://github.com/Stuk/jszip/pull/813 to v2.7.0

I again need this for https://github.com/optilude/xlsx-template because users mention a security vulnerability.

kant2002 commented 1 year ago

Separate question: I would gladly abandon maintaining v2.x if I were able to use sync versions of some methods. Would it be possible for me to reintroduce the sync methods which I need, maybe with a different name, `loadSync` for example? That way I would not break my API, and would finally jump to v3.

kant2002 commented 1 year ago

@Stuk can you take a look at this?

kant2002 commented 1 year ago

@Stuk hope you are doing fine. Pinging you just in case you missed this in notifications.