From fe39c475a2d5ab0236f460ad72ee956245364804 Mon Sep 17 00:00:00 2001
From: Jafar Akhondali <jafar.akhoondali@gmail.com>
Date: Thu, 7 Nov 2024 17:23:01 +0100
Subject: [PATCH] Block malicious looking requests to prevent path traversal
 attacks.

---
 packages/docs/web-server/index.mjs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/packages/docs/web-server/index.mjs b/packages/docs/web-server/index.mjs
index 8cbd23434..7e1abd54f 100644
--- a/packages/docs/web-server/index.mjs
+++ b/packages/docs/web-server/index.mjs
@@ -35,5 +35,10 @@ function write(res, file) {
 
 http.createServer((req, res) => {
     const route = req.url.split('/').slice(1);
+    if (route.includes('..')) {
+        res.writeHead(403);
+        res.end('');
+        return;
+    }
     write(res, route);
 }).listen(PORT, HOST);