fix(ssr): Improve URL sanitization and routing in serve.js for SSR

- Enhance `sanitizeUrl` function to comprehensively handle nested encodings, control characters, query parameters, hash fragments, and path traversal.
- Add iterative decoding in `sanitizeUrl` to support URLs with multiple encoding layers.
- Normalize URLs by stripping extraneous characters, collapsing redundant slashes, ensuring a leading slash, and conditionally removing trailing slashes.
- Implement `createMatchPathMiddleware` with modularized helpers:
  - `sanitizeUrl`: Cleans and normalizes URL paths.
  - `findMatchPath`: Safely finds a matching path with error handling.
  - `logMatch`: Logs match details if logging is enabled.
  - `handleError`: Centralized error handler for consistent logging and responses.
- Add caching for URL matches to improve performance.
- Add informative logs for matched paths, request durations, and errors.
- Ensure compatibility with various URL structures and improve security against path traversal vulnerabilities.
- Improve maintainability by breaking down the code into modular, reusable functions.

This commit addresses [Issue #39010](#39010) and enhances SSR handling for encoded URLs, improving both performance and robustness in the `serve.js` middleware.
emmron committed Nov 7, 2024
1 parent 186553b commit a0aef26
Showing 1 changed file with 186 additions and 353 deletions.
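
A sketch of the iterative decoding and path-traversal handling the commit message describes. It is an added example, not the code from this commit: `sanitizePath`, `MAX_DECODE_PASSES`, and the choices to reject control characters outright and to treat backslashes as separators are assumptions.

```javascript
// Added example; names and limits are assumptions, not the repository's serve.js.
const MAX_DECODE_PASSES = 5; // assumed bound so repeated decoding always terminates

function sanitizePath(rawUrl) {
  if (typeof rawUrl !== 'string') return null;

  // Drop the query string and hash fragment before touching the path.
  let path = rawUrl.split(/[?#]/, 1)[0];

  // Decode until the value stops changing: %252e%252e -> %2e%2e -> "..".
  // Checking for ".." after a single pass would miss the nested form.
  let stable = false;
  for (let pass = 0; pass < MAX_DECODE_PASSES; pass++) {
    let decoded;
    try {
      decoded = decodeURIComponent(path);
    } catch {
      return null; // malformed escape such as "%zz" (also rejects a literal "%")
    }
    if (decoded === path) { stable = true; break; }
    path = decoded;
  }
  if (!stable) return null; // still encoded after the bound: refuse

  // Reject control characters instead of stripping them, so removal can
  // never join two harmless fragments into a new ".." segment.
  if (/[\u0000-\u001f\u007f]/.test(path)) return null;

  // Assumption: treat backslashes as separators before resolving segments.
  path = path.replace(/\\/g, '/');

  const out = [];
  for (const seg of path.split('/')) {
    if (seg === '' || seg === '.') continue; // collapses "//" and "/./"
    if (seg === '..') {
      if (out.length === 0) return null; // would climb above the root
      out.pop();
      continue;
    }
    out.push(seg);
  }
  // Leading slash guaranteed; trailing slash removed except for the root.
  return '/' + out.join('/');
}
```

Resolving dot segments only after decoding has stabilized is the point of the loop: the traversal check sees the same string a later consumer would see after its own decoding.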