re: Todo-MVP: Or 'Why You Shouldn't Use A Web Framework' - The Revenge

re: Your node.js implementation doesn't sanitize static file path, allowing an attacker to load any file from disk. Framework would have likely prevent...
 

Sorry, it's not worth fixing IMO.

A framework that parses incoming requests and calls your code is exactly the right choice for the problem of responding to web requests at multiple endpoints. Not for every problem, but for this one, yes.

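The static-path issue raised in the quoted comment, as an added example that is not part of the thread or of the Todo-MVP code: a containment check a hand-written Node.js static handler would need before opening a file. The function name `resolveStaticPath` and the root directory used with it are assumptions.

```javascript
// Added example: hypothetical helper, not code from the Todo-MVP project.
const path = require('node:path');

// Map a request URL path to a file location under `root` (the assumed
// static directory). Returns an absolute path, or null when the request
// must be refused.
function resolveStaticPath(root, urlPath) {
  let decoded;
  try {
    // Drop the query string, then decode once so percent-encoded
    // separators and dots are visible to the checks below.
    decoded = decodeURIComponent(urlPath.split('?')[0]);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL never belongs in a path

  // Treat backslashes as separators so "..\" is caught on every OS.
  const normalized = decoded.replace(/\\/g, '/');

  const base = path.resolve(root);
  // Prefix with "./" so a leading "/" cannot make the path absolute.
  const candidate = path.resolve(base, './' + normalized);

  // Containment check on the resolved result, not on the raw string:
  // the candidate must not climb out of `base`.
  const rel = path.relative(base, candidate);
  const escapes =
    rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  // Note: symlinks inside `base` are not followed here; a handler that
  // allows them would also compare fs.realpath() results.
  return escapes ? null : candidate;
}
```

A handler would call this first and answer 403 or 404 on `null` instead of passing the request path to `fs` directly.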