resolve-path
Resolve a relative path against a root path with validation.
This module would protect against commons attacks like GET /../file.js
which reaches outside the root folder.
Installation
This is a Node.js module available through the
npm registry. Installation is done using the
npm install
command:
$ npm install resolve-path
API
var resolvePath = require('resolve-path')
resolvePath(relativePath)
Resolve a relative path against process.cwd()
(the process's current working
directory) and return an absolute path. This will throw if the resulting resolution
seems malicious. The following are malicious:
- The relative path is an absolute path
- The relative path contains a NULL byte
- The relative path resolves to a path outside of
process.cwd()
- The relative path traverses above
process.cwd()
and back down
resolvePath(rootPath, relativePath)
Resolve a relative path against the provided root path and return an absolute path. This will throw if the resulting resolution seems malicious. The following are malicious:
- The relative path is an absolute path
- The relative path contains a NULL byte
- The relative path resolves to a path outside of the root path
- The relative path traverses above the root and back down
Example
Safely resolve paths in a public directory
var http = var parseUrl = var path = var resolvePath = // the public directoryvar publicDir = path // the servervar server = http server