OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2026-01-15 12:15:26 +00:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity
Files
f9f343fb8dda773b749db4dee00704f8bbe79c19
node/doc/api
History
Rafael Gonzaga 6f7f51b8f1 doc: clarify fileURLToPath security considerations 
Add clarification that fileURLToPath() decodes encoded
dot-segments (%2e%2e) which are normalized as path traversal.
Applications must perform their own path validation to
prevent directory traversal attacks.

Also applies to fileURLToPathBuffer().

PR-URL: https://github.com/nodejs/node/pull/60887
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
2025-11-30 22:02:12 +00:00
..
addons.md
doc,src,test: replace use of deprecated GetIsolate
2025-10-04 18:48:35 +02:00
assert.md
doc: restore REPLACEME on assert change
2025-11-27 08:45:00 +00:00
async_context.md
doc: fix typed list formatting
2025-07-15 17:18:42 +00:00
async_hooks.md
buffer.md
doc: add additional codemods for deprecation
2025-11-24 09:44:56 +00:00
child_process.md
doc: recommend events.once to manage 'close' event
2025-11-08 15:04:44 +00:00
cli.md
src: implicitly enable namespace in config
2025-11-23 09:39:59 +00:00
cluster.md
doc: fix typed list formatting
2025-07-15 17:18:42 +00:00
console.md
2025-10-08, Version 24.10.0 (Current)
2025-10-08 19:44:10 -03:00
crypto.md
doc: fix incorrect slh-dsa oids in crypto.md
2025-11-13 16:44:24 +00:00
debugger.md
deprecations.md
events: repurpose events.listenerCount() to accept EventTargets
2025-11-26 11:09:07 +00:00
dgram.md
2025-06-09, Version 24.2.0 (Current)
2025-06-09 23:45:29 +02:00
diagnostics_channel.md
http2: add diagnostics channels for client stream request body
2025-11-01 19:56:44 +05:30
dns.md
doc: add missing CAA type to dns.resolveAny() & dnsPromises.resolveAny()
2025-10-22 18:43:07 +00:00
documentation.md
doc: clarify release candidate stability index
2025-08-02 10:58:21 +00:00
domain.md
doc: domain.add() does not accept timer objects
2025-11-13 04:10:29 +00:00
embedding.md
environment_variables.md
doc: mark .env files support as stable
2025-10-03 15:43:10 +02:00
errors.md
esm: use sync loading/resolving on non-loader-hook thread
2025-10-31 20:45:10 +00:00
esm.md
doc: highlight module loading difference between import and require
2025-11-08 15:04:35 +00:00
events.md
events: repurpose events.listenerCount() to accept EventTargets
2025-11-26 11:09:07 +00:00
fs.md
doc: correct 'event handle' to 'event handler' in Utf8Stream drop event
2025-11-28 10:43:07 +00:00
globals.md
doc: add additional codemods for deprecation
2025-11-24 09:44:56 +00:00
http2.md
2025-11-25, Version 20.19.6 'Iron' (LTS)
2025-11-25 13:25:23 +01:00
http.md
doc: fix linter issues
2025-11-08 17:09:29 +00:00
https.md
doc: fix linter issues
2025-11-08 17:09:29 +00:00
index.md
doc: add new environment variables doc page
2025-07-20 20:53:54 +00:00
inspector.md
2025-08-28, Version 22.19.0 'Jod' (LTS)
2025-08-28 23:08:02 +02:00
intl.md
module.md
doc: mark module.register as active development
2025-11-27 10:36:29 +00:00
modules.md
doc: fix pseudo code in modules.md
2025-11-08 14:34:49 +00:00
n-api.md
node-api: add support for Float16Array
2025-11-18 07:09:43 +00:00
net.md
net: increase network family autoselection timeout to 500ms
2025-11-04 17:56:49 +00:00
os.md
doc: fix typed list formatting
2025-07-15 17:18:42 +00:00
packages.md
doc: correct module loading descriptions
2025-10-31 20:30:23 +00:00
path.md
2025-09-24, Version 22.20.0 'Jod' (LTS)
2025-09-24 13:04:16 +00:00
perf_hooks.md
2025-11-11, Version 25.2.0 (Current)
2025-11-11 23:27:20 +01:00
permissions.md
src: implicitly enable namespace in config
2025-11-23 09:39:59 +00:00
process.md
2025-11-11, Version 25.2.0 (Current)
2025-11-11 23:27:20 +01:00
punycode.md
doc: fix typed list formatting
2025-07-15 17:18:42 +00:00
querystring.md
quic.md
doc: fix quic session instance typo
2025-08-29 02:24:57 +00:00
readline.md
doc: fix typed list formatting
2025-07-15 17:18:42 +00:00
repl.md
doc: add additional codemods for deprecation
2025-11-24 09:44:56 +00:00
report.md
2025-01-07, Version 22.13.0 'Jod' (LTS)
2025-01-07 14:36:47 -05:00
single-executable-applications.md
doc,test: add documentation and test on how to use addons in SEA
2025-11-17 04:41:11 +00:00
sqlite.md
doc: show the use of string expressions in the SQLTagStore example
2025-11-30 13:31:56 +00:00
stream.md
lib: add support for readable byte streams to .toWeb()
2025-11-16 06:51:24 +00:00
string_decoder.md
synopsis.md
test.md
doc: add fullName property to SuiteContext
2025-11-25 19:34:19 +00:00
timers.md
2025-06-09, Version 24.2.0 (Current)
2025-06-09 23:45:29 +02:00
tls.md
doc: correct tls ALPNProtocols types
2025-11-15 21:38:08 +00:00
tracing.md
doc: fix typed list formatting
2025-07-15 17:18:42 +00:00
tty.md
doc: fix typed list formatting
2025-07-15 17:18:42 +00:00
typescript.md
2025-11-11, Version 25.2.0 (Current)
2025-11-11 23:27:20 +01:00
url.md
doc: clarify fileURLToPath security considerations
2025-11-30 22:02:12 +00:00
util.md
doc: replace column with columnNumber in example of util.getCallSites
2025-11-30 02:36:26 +00:00
v8.md
v8: adding total_allocated_bytes to HeapStatistics
2025-11-07 15:56:41 +00:00
vm.md
2025-10-20, Version 22.21.0 'Jod' (LTS)
2025-10-21 01:45:50 +02:00
wasi.md
doc: fix typed list formatting
2025-07-15 17:18:42 +00:00
webcrypto.md
doc,crypto: update subtle.generateKey and subtle.importKey
2025-09-13 08:55:17 +00:00
webstreams.md
lib: add support for readable byte streams to .toWeb()
2025-11-16 06:51:24 +00:00
worker_threads.md
perf_hooks: move non-standard performance properties to perf_hooks
2025-10-28 00:23:50 +01:00
zlib.md
doc: add missing Zstd strategy constants
2025-08-19 18:38:44 +00:00