Commit Graph

23 Commits

Author SHA1 Message Date
KalleV 5b6c6cdf5c fix(cve-2023-29827): replace EJS with Handlebars to resolve security warning
Relates to: https://github.com/loopbackio/loopback-next/issues/9867

Signed-off-by: KalleV <kvirtaneva@gmail.com>
2023-11-12 17:32:11 +08:00
Raymond Feng bda981feb8 feat: add options.rootProperty for json/xml
Using `error` as the root property is a good default but we should
be able to use a different one or don't use it at all.
2020-06-23 10:05:24 -07:00
Miroslav Bajtoš 67fc40b78b
chore: update eslint & config to latest
Replace `var` with `const` and `let`.

Signed-off-by: Miroslav Bajtoš <mbajtoss@gmail.com>
2019-10-12 09:44:54 +02:00
dkrantsberg 4b3c802088
fix: handle Error objects with circular properties 2019-09-30 07:58:34 +02:00
Agnes Lin 589e432812 chore: update copyrights years 2019-05-09 08:51:57 -04:00
shimks 80ebf30cfa Add type definition and writeErrorToResponse 2018-08-30 12:09:28 -04:00
shimks 7828534804 Allow safeFields to work with arrays
Co-authored-by: Miroslav Bajtos <mbajtoss@gmail.com>
2018-06-08 15:01:45 -04:00
shimks b7b3961ff2 run lint 2018-06-07 12:47:21 -04:00
shimks 56d26b377e drop node 4 from travis and update dependencies 2018-06-07 12:47:13 -04:00
Zak Barbuto 0ce15b2d27 Undefined safeFields revert to data #71 2018-03-05 14:09:51 +10:30
Zachery Metcalf 35328be26b
Escape strings in HTML output (XSS fix)
Modify the template producing HTML error responses to correctly
escape all strings that are possibly coming from the client making the
request. Before this change, the error responses were vulnerable to XSS
(cross-site scripting) attacks.
2018-01-25 14:16:24 +01:00
Raj 4d973929c1
Add new option: negotiateContentType
The option controls whether response content type is negotiated with
the client and it's enabled by default.
2017-07-20 10:19:29 +02:00
Zak Barbuto 382fffc8b0 Add a machine-readable "code" property
Include `error.code` in 4xx responses.
2017-02-01 10:10:20 +01:00
Miroslav Bajtoš 461867de1d Upgrade dependencies to their latest versions
Also:

 - fix linting errors after upgrading eslint-config-loopback
 - fix a bug discovered by eslint where uknown `?_format`
   was throwing an unhandled error
2017-02-01 09:24:21 +01:00
Miroslav Bajtoš 936e2d4838 Stop adding safeFields to original options arg 2017-01-30 14:48:38 +01:00
Zak Barbuto 4e3f6eb6cc Support options.safeFields 2017-01-30 13:51:34 +01:00
Ahmet Ozisik 06c53d1f73 xml support added 2017-01-09 19:01:52 +03:00
David Cheung 4b29acdcb0 Test with express instead of http server 2016-06-14 12:04:32 -04:00
David Cheung 5646680e5e HTML response for accepted headers 2016-06-14 12:04:32 -04:00
David Cheung 9f74606847 Remove statusCode from details in Array errors
This is to preserve behavior from strong-remoting rest adapter
2016-05-25 11:12:31 -04:00
David Cheung ef72b5c0f1 Include err.message and err.name for debug data
err.message and err.name are not enumerable,
therefore needs to be explicited added to the data obj
2016-05-20 11:00:03 -04:00
David Cheung cfde2a8bb0 Handle error from res.statusCode 2016-05-13 11:27:53 -04:00
Miroslav Bajtoš 225d35994b Initial implementation
The response is always JSON
Options supported: log, debug
2016-05-13 13:10:53 +02:00