9862a77b6a
Summary: Use a whitelist to validate user-provided file names. This doesn't cover the entire range of valid filenames but should cover almost all of them in practice. Allows letters, numbers, periods, dashes, and underscores. Opting to use a whitelist instead of a blacklist because getting this wrong leaves us vulnerable to a RCE attack. This is the same patch I submitted to create-react-app: https://github.com/facebook/create-react-app/pull/4866 See s163726 for more details Reviewed By: LukasReschke Differential Revision: D9504148 fbshipit-source-id: e3c7587f1b7f93bec90a58a38d5f6d58f1f59275 |
||
|---|---|---|
| .. | ||
| debugger-ui | ||
| external | ||
| copyToClipBoard.js | ||
| jsPackagerClient.js | ||
| launchChrome.js | ||
| launchEditor.js | ||
| messageSocket.js | ||
| webSocketProxy.js | ||