Add escaping for bad platform string.

From GitbookIO#138
AnimeoTV · Jun 21, 2023 · d9d3f42 · d9d3f42
1 parent d613496
commit d9d3f42
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/lib/nuts.js b/lib/nuts.js
@@ -257,7 +257,9 @@ Nuts.prototype.onUpdateRedirect = function (req, res, next) {
       if (!req.query.platform) throw new Error('Requires "platform" parameter');
 
       return res.redirect(
-        `${that.opts.routePrefix}update/${req.query.platform}/${req.query.version}`
+        `${that.opts.routePrefix}update/${_.escape(req.query.platform)}/${
+          req.query.version
+        }`
       );
     })
     .fail(next);