File tree Expand file tree Collapse file tree 2 files changed +4
-4
lines changed
Expand file tree Collapse file tree 2 files changed +4
-4
lines changed Original file line number Diff line number Diff line change @@ -606,16 +606,16 @@ export const composeHandler = ({
606606 if ( cookieMeta . sign === true )
607607 _encodeCookie +=
608608 'for(const [key, cookie] of Object.entries(_setCookie)){' +
609- `c.set.cookie[key].value=await signCookie(cookie.value,\` ${ secret } \` )` +
609+ `c.set.cookie[key].value=await signCookie(cookie.value,${ ! secret ? 'undefined' : overrideUnsafeQuote ( secret ) } +
610610 '}'
611611 else {
612612 if ( typeof cookieMeta . sign === 'string' )
613613 cookieMeta . sign = [ cookieMeta . sign ]
614614
615615 for ( const name of cookieMeta . sign )
616616 _encodeCookie +=
617- `if(_setCookie[' ${ name } ' ]?.value)` +
618- `c.set.cookie[' ${ name } ' ].value=await signCookie(_setCookie[' ${ name } ' ].value,\` ${ secret } \` )\n`
617+ `if(_setCookie[${ overrideUnsafeQuote ( name ) } +
618+ `c.set.cookie[${ overrideUnsafeQuote ( name ) } ${ overrideUnsafeQuote ( name ) } ${ ! secret ? 'undefined' : overrideUnsafeQuote ( secret ) }
619619 }
620620
621621 _encodeCookie += '}\n'
Original file line number Diff line number Diff line change @@ -420,7 +420,7 @@ describe('Edge Case', () => {
420420 } )
421421 } )
422422
423- it ( 'handle arbitary code execution from cookie' , async ( ) => {
423+ it ( 'handle arbitrary code execution from cookie' , async ( ) => {
424424 const app = new Elysia ( {
425425 cookie : {
426426 secrets : `\` + console.log(c.q='pwn') + \`` ,
You can’t perform that action at this time.
0 commit comments