Code example contains XSS vulnerability

[jwoyo]

Existing documentation URL(s)

• https://developers.cloudflare.com/r2/examples/demo-worker/

What changes are you suggesting?

Hey,

it bugs me that this code example has an obvious XSS vulnerability. The objectName can contain an arbitrary user input that is passed as an unsanitized value to the html response that is returned by objectNotFound. I suggest to fix that.

Best,
Julian

Additional information

No response

[Oxyjun]

Hey @jwoyo, thanks for raising this issue!

We'll get it escalated internally and look into updating the code example.

Also, just as an FYI - feel free to also suggest changes by directly editing the docs! You can fork this repo, and create a pull request from there 😁

[Oxyjun]

Update: we'll be removing this example, and setup a redirect to https://developers.cloudflare.com/r2/api/workers/workers-api-usage/.

We're tracking this change here: #22898

Edit: The above PR has been merged, so I'll close out this issue. Thanks @jwoyo !

[jwoyo]

Cool! thanks for acting so quickly. Cheers!