From 78e4463ef42315ec45e8d3b360d62729ea265135 Mon Sep 17 00:00:00 2001
From: yoni-noma
Date: Wed, 29 Jan 2025 21:49:39 +0200
Subject: [PATCH] wrapping decodeURIComponent in a try catch for every request in the server, making sure it isn't a malformed URI
---
 server/index.ts | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/server/index.ts b/server/index.ts
index 2bfa92da..4cecb4b2 100644
--- a/server/index.ts
+++ b/server/index.ts
@@ -51,6 +51,17 @@ app.use((req, res, next) => {
 next()
 })
+// Ensure URL is properly encoded to prevent decoding errors and malformed requests
+app.use((req, res, next) => {
+ try {
+ decodeURIComponent(req.url); // Validate the URL
+ next();
+ } catch (err) {
+ console.error('Malformed URL detected:', req.url);
+ return res.status(400).send('Bad Request: Malformed URL');
+ }
+});
+
 // no ending slashes for SEO reasons
 // https://github.com/epicweb-dev/epic-stack/discussions/108
 app.get('*', (req, res, next) => {
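Review bot: The new middleware runs `decodeURIComponent` over all of `req.url`, so a request with a valid path but a stray `%` in its query string (constructed example: `/search?q=100%`) is rejected with 400, and the catch branch then writes the complete raw URL, including any tokens carried in query parameters, to the error log for every such request from any client. If the failure being guarded against is path decoding during route matching (the commit message does not say), validating `req.path` alone is enough, and the log line should carry a bounded, quoted path rather than the whole URL. `next()` also sits inside the `try`, so an exception that propagates synchronously out of it would be reported as a malformed URL; calling it after the `try`/`catch` keeps the 400 specific to the decode failure. The added lines also end in semicolons, which the context lines around them do not.

```typescript
app.use((req, res, next) => {
	try {
		// path only; the query string is left to its own parser
		decodeURIComponent(req.path)
	} catch {
		// bounded and quoted: keeps query-string secrets and oversized input out of the logs
		console.error('Malformed URL path:', JSON.stringify(req.path.slice(0, 256)))
		return res.status(400).send('Bad Request: Malformed URL')
	}
	next()
})
```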