jperelli / osm-static-maps

Openstreetmap static maps is a nodejs lib, CLI and server open source inspired by google static map service
http://osm-static-maps.herokuapp.com/
GNU General Public License v2.0
160 stars 52 forks

fix: escape special characters before insertion to template #24

Closed snoopysecurity closed 3 years ago

snoopysecurity commented 3 years ago

For the sample server, this PR sanitizes characters such as quotes and double quotes to prevent XSS payloads. E.g. '+alert(1)+'

jperelli commented 3 years ago

Thank you, will publish in npm in v3.9.0