search

jfhbrook / node-ecstatic

A static file server middleware that works with core http, express or on the CLI!
https://github.com/jfhbrook/node-ecstatic
MIT License
975 stars 194 forks source link

Added documentation about cloning ecstatic on Windows - close #172 #173

Closed dotnetCarpenter closed 8 years ago

dotnetCarpenter commented 8 years ago

I think the simplest way to overcome our tests, for malformed directory listings links, breaking git on Windows, is to educate Windows users about the caveat. This is my attempt to do so.

dotnetCarpenter commented 8 years ago

@jfhbrook Is my english that bad?

jfhbrook commented 8 years ago

Nah I just let this get lost in the shuffle.

jfhbrook commented 8 years ago

Are there characters which would be good candidates for checking encoding that are in fact legal in windows and mac/linux ?

dotnetCarpenter commented 8 years ago

Yes, the Windows illegal characters are \ / < > | * ? " :

I also posted them in #172

dotnetCarpenter commented 8 years ago

Sorry, misread your question

dotnetCarpenter commented 8 years ago

@jfhbrook as I wrote in #172, the attack we're protecting us against is only made possible by using characters that are not legal on Windows. So in order to check that ecstatic is in fact encoding these directory names, you have to have a directory that is illegal to have on Windows. I can't think of a way out. Perhaps someone knows in some security forum?

jfhbrook commented 8 years ago

I think the characters just have to be ones that need to be html encoded, yeah?

At any rate I agree, this should be documented.