OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2026-01-15 12:15:26 +00:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

doc: clarify path.isAbsolute is not path traversal mitigation

Browse Source 
PR-URL: https://github.com/nodejs/node/pull/57073
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jordan Harband <ljharb@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
This commit is contained in:
Eric Fortis
2025-03-02 12:48:59 -05:00
committed by GitHub
parent 464485397a
commit 97cbefabd9
1 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
doc/api/path.md
View File

@@ -317,17 +317,19 @@ added: v0.11.2
* `path` {string}
* Returns: {boolean}
The `path.isAbsolute()` method determines if `path` is an absolute path.
The `path.isAbsolute()` method determines if the literal `path` is absolute.
Therefore, its not safe for mitigating path traversals.
If the given `path` is a zero-length string, `false` will be returned.
For example, on POSIX:
```js
path.isAbsolute('/foo/bar'); // true
path.isAbsolute('/baz/..'); // true
path.isAbsolute('qux/'); // false
path.isAbsolute('.'); // false
path.isAbsolute('/foo/bar'); // true
path.isAbsolute('/baz/..'); // true
path.isAbsolute('/baz/../..'); // true
path.isAbsolute('qux/'); // false
path.isAbsolute('.'); // false
```
On Windows: