fix(core): Sandbox HTML binary files in viewing mode (#14350)

कारतोफ्फेलस्क्रिप्ट™
2025-04-02 14:55:15 +02:00
committed by GitHub
parent cc225bd63e
commit 9c8a5f9c57
2 changed files with 161 additions and 2 deletions


@@ -38,7 +38,14 @@ export class BinaryDataController {
} catch {}
}
if (mimeType) res.setHeader('Content-Type', mimeType);
if (mimeType) {
res.setHeader('Content-Type', mimeType);
// Sandbox html files when viewed in a browser
if (mimeType.includes('html') && action === 'view') {
res.header('Content-Security-Policy', 'sandbox');
}
}
if (action === 'download' && fileName) {
const encodedFilename = encodeURIComponent(fileName);
@@ -47,7 +54,7 @@ export class BinaryDataController {
return await this.binaryDataService.getAsStream(binaryDataId);
} catch (error) {
if (error instanceof FileNotFoundError) return res.writeHead(404).end();
if (error instanceof FileNotFoundError) return res.status(404).end();
else throw error;
}
}
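Review bot: The sandbox condition in the first hunk, `mimeType.includes('html') && action === 'view'`, is a case-sensitive substring match that covers only HTML, so other script-capable types served inline from the same origin (for example `image/svg+xml` or XML) are still sent without `Content-Security-Policy: sandbox`. Consider normalising and widening the check, e.g. `const active = /html|xml|svg/i.test(mimeType);` followed by `if (active && action === 'view') res.setHeader('Content-Security-Policy', 'sandbox');`, or sandboxing every viewed response except an allowlist of inert types. When `mimeType` is empty no `Content-Type` is set at all, so the browser may sniff the body as HTML; sending `res.setHeader('X-Content-Type-Options', 'nosniff');` unconditionally would close that path. Where `mimeType` comes from is outside the hunk, so if it can be supplied by the requester it should be validated before being echoed into the header. As a style point, the new code mixes `res.setHeader` and `res.header` on adjacent lines; using one of them consistently would read better.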