search

oduwsdl / tmvis

An archival thumbnail visualization server
MIT License
8 stars 7 forks source link

Relative non-URIs path literals produce error #60

Open machawk1 opened 5 years ago

machawk1 commented 5 years ago

Testing the service at http://tmvis.cs.odu.edu

I enter ../../../../ as the text input. Hitting calculate then shows a blank page with the error: Cannot GET /alsummarizedview/

../../../ displays Cannot GET /alsummarizedview/internetarchive/.

../../ displays Cannot GET /alsummarizedview/internetarchive/all/

etc.

This error should probably keep the user within the interface and report that the "URI" is invalid as input instead of showing a blank page with the above respective message.

machawk1 commented 4 years ago

This issue persists in the latest master, 87f8d5a. There ought to be some input sanitation or some sanity checks in-place (as above) to verify that the submitted value is a URI.