resolve-path
Resolve a relative path against a root path with validation.
This module would protect against commons attacks like GET /../file.js which reaches outside the root folder.
Installation
This is a Node.js module available through the npm registry. Installation is done using the npm install command:
$ npm install resolve-pathAPI
var resolvePath = require('resolve-path')resolvePath(relativePath)
Resolve a relative path against process.cwd() (the process's current working directory) and return an absolute path. This will throw if the resulting resolution seems malicious. The following are malicious:
The relative path is an absolute path
The relative path contains a NULL byte
The relative path resolves to a path outside of
process.cwd()The relative path traverses above
process.cwd()and back down
resolvePath(rootPath, relativePath)
Resolve a relative path against the provided root path and return an absolute path. This will throw if the resulting resolution seems malicious. The following are malicious:
The relative path is an absolute path
The relative path contains a NULL byte
The relative path resolves to a path outside of the root path
The relative path traverses above the root and back down
Example
Safely resolve paths in a public directory
License
Last updated