Add escaping for bad platform string.

rastiqdev · rastiqdev · commit d9d3f42a0c9a · 2023-06-21T13:08:11.000+02:00
From GitbookIO#138
diff --git a/lib/nuts.js b/lib/nuts.js
@@ -257,7 +257,9 @@ Nuts.prototype.onUpdateRedirect = function (req, res, next) {
       if (!req.query.platform) throw new Error('Requires "platform" parameter');
 
       return res.redirect(
-        `${that.opts.routePrefix}update/${req.query.platform}/${req.query.version}`
+        `${that.opts.routePrefix}update/${_.escape(req.query.platform)}/${
+          req.query.version
+        }`
       );
     })
     .fail(next);
