Remove stripping of null bytes

This was at one point necessary because of an old bug in url.parse See: #16 (comment) See: 43f7e72 But this opens up a regex dos attack vector! D: Based on some research (ie asking #node-dev if this is still an issue), it's *probably* not an issue. :)
jfhbrook · Aug 9, 2016 · 71ce939 · 71ce939
1 parent 2fceb40
commit 71ce939
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/lib/ecstatic.js b/lib/ecstatic.js
@@ -52,9 +52,21 @@ var ecstatic = module.exports = function (dir, options) {
   return function middleware (req, res, next) {
 
     // Strip any null bytes from the url
+    // This was at one point necessary because of an old bug in url.parse
+    //
+    // See: https://github.com/jfhbrook/node-ecstatic/issues/16#issuecomment-3039914
+    // See: https://github.com/jfhbrook/node-ecstatic/commit/43f7e72a31524f88f47e367c3cc3af710e67c9f4
+    //
+    // But this opens up a regex dos attack vector! D:
+    //
+    // Based on some research (ie asking #node-dev if this is still an issue),
+    // it's *probably* not an issue. :)
+    /*
     while(req.url.indexOf('%00') !== -1) {
       req.url = req.url.replace(/\%00/g, '');
     }
+    */
+
     // Figure out the path for the file from the given url
     var parsed = url.parse(req.url);
     try {