Skip to content

Commit

Permalink
[filesystem] Fixes eclipse-theia#4792 XSS vulnerability.
Browse files Browse the repository at this point in the history 
Mitigates the issue by removing all unsanitized information from the
response.

Signed-off-by: Casey Flynn <caseyflynn@google.com>

Signed-off-by: Doron Nahari doron.nahari@sap.com
  • Loading branch information
@caseyflynn-google @kittaakos
caseyflynn-google authored and kittaakos committed Apr 3, 2019
1 parent b6c9ef0 commit 61f8e91
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion packages/filesystem/src/node/download/file-download-handler.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ export abstract class FileDownloadHandler {

protected async handleError(response: Response, reason: string | Error, status: number = INTERNAL_SERVER_ERROR): Promise<void> {
this.logger.error(reason);
response.status(status).send(reason).end();
response.status(status).send('Unable to download file.').end();
}

}
Expand Down

0 comments on commit 61f8e91

Please sign in to comment.