From 2e60e61513fd9add9a51735527acbec94227ea98 Mon Sep 17 00:00:00 2001
From: Jafar Akhondali
Date: Tue, 30 Jul 2024 18:39:58 +0200
Subject: [PATCH] Block malicious looking requests to prevent path traversal attacks.
---
 playground/20-12-02-wasm-ffmpeg/server.js | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/playground/20-12-02-wasm-ffmpeg/server.js b/playground/20-12-02-wasm-ffmpeg/server.js
index 51eda5e..06c0c30 100644
--- a/playground/20-12-02-wasm-ffmpeg/server.js
+++ b/playground/20-12-02-wasm-ffmpeg/server.js
@@ -15,6 +15,11 @@ const mimeTypes = {
 };
 http.createServer({}, (request, response) => {
+ if (path.normalize(decodeURI(request.url)) !== decodeURI(request.url)) {
+ response.statusCode = 403;
+ response.end();
+ return;
+ }
 const uri = url.parse(request.url).pathname;
 let filename = path.join(process.cwd(), uri);
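Review bot: The added guard calls `decodeURI(request.url)` without a `try`/`catch`, so a URL containing a malformed percent-escape raises `URIError` inside the handler, and an exception escaping a request listener normally terminates the Node process. The comparison also runs on the whole request URL, query string included, using the platform `path.normalize`, while the value joined below is `url.parse(request.url).pathname`; a legitimate query containing `//` is rejected, and on Windows the separator rewrite would presumably reject every request. I would decode only the pathname inside a `try`, compare it with `path.posix.normalize`, and add a containment check on the joined `filename` against `process.cwd()`, as sketched below. The handler body continues past the end of the hunk, so whether `filename` is decoded or rewritten later cannot be confirmed from here.

```javascript
http.createServer({}, (request, response) => {
  const uri = url.parse(request.url).pathname;
  let decodedPath;
  try {
    decodedPath = decodeURI(uri);
  } catch (err) {
    // Malformed percent-escape: answer 400 instead of letting URIError escape the handler.
    response.statusCode = 400;
    response.end();
    return;
  }
  if (path.posix.normalize(decodedPath) !== decodedPath) {
    response.statusCode = 403;
    response.end();
    return;
  }

  const root = process.cwd();
  let filename = path.join(root, uri);
  // Containment check on the path that will actually be opened.
  if (filename !== root && !filename.startsWith(root + path.sep)) {
    response.statusCode = 403;
    response.end();
    return;
  }
  // … unchanged: rest of the handler …
```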