KalleV
5b6c6cdf5c
fix(cve-2023-29827): replace EJS with Handlebars to resolve security warning
...
Relates to: https://github.com/loopbackio/loopback-next/issues/9867
Signed-off-by: KalleV <kvirtaneva@gmail.com>
2023-11-12 17:32:11 +08:00
Raymond Feng
bda981feb8
feat: add options.rootProperty for json/xml
...
Using `error` as the root property is a good default but we should
be able to use a different one or don't use it at all.
2020-06-23 10:05:24 -07:00
Miroslav Bajtoš
67fc40b78b
chore: update eslint & config to latest
...
Replace `var` with `const` and `let`.
Signed-off-by: Miroslav Bajtoš <mbajtoss@gmail.com>
2019-10-12 09:44:54 +02:00
dkrantsberg
4b3c802088
fix: handle Error objects with circular properties
2019-09-30 07:58:34 +02:00
Agnes Lin
589e432812
chore: update copyrights years
2019-05-09 08:51:57 -04:00
shimks
80ebf30cfa
Add type definition and writeErrorToResponse
2018-08-30 12:09:28 -04:00
shimks
7828534804
Allow safeFields to work with arrays
...
Co-authored-by: Miroslav Bajtos <mbajtoss@gmail.com>
2018-06-08 15:01:45 -04:00
shimks
b7b3961ff2
run lint
2018-06-07 12:47:21 -04:00
shimks
56d26b377e
drop node 4 from travis and update dependencies
2018-06-07 12:47:13 -04:00
Zak Barbuto
0ce15b2d27
Undefined safeFields revert to data #71
2018-03-05 14:09:51 +10:30
Zachery Metcalf
35328be26b
Escape strings in HTML output (XSS fix)
...
Modify the template producing HTML error responses to correctly
escape all strings that are possibly coming from the client making the
request. Before this change, the error responses were vulnerable to XSS
(cross-site scripting) attacks.
2018-01-25 14:16:24 +01:00
Raj
4d973929c1
Add new option: negotiateContentType
...
The option controls whether response content type is negotiated with
the client and it's enabled by default.
2017-07-20 10:19:29 +02:00
Zak Barbuto
382fffc8b0
Add a machine-readable "code" property
...
Include `error.code` in 4xx responses.
2017-02-01 10:10:20 +01:00
Miroslav Bajtoš
461867de1d
Upgrade dependencies to their latest versions
...
Also:
- fix linting errors after upgrading eslint-config-loopback
- fix a bug discovered by eslint where uknown `?_format`
was throwing an unhandled error
2017-02-01 09:24:21 +01:00
Miroslav Bajtoš
936e2d4838
Stop adding safeFields to original options arg
2017-01-30 14:48:38 +01:00
Zak Barbuto
4e3f6eb6cc
Support options.safeFields
2017-01-30 13:51:34 +01:00
Ahmet Ozisik
06c53d1f73
xml support added
2017-01-09 19:01:52 +03:00
David Cheung
4b29acdcb0
Test with express instead of http server
2016-06-14 12:04:32 -04:00
David Cheung
5646680e5e
HTML response for accepted headers
2016-06-14 12:04:32 -04:00
David Cheung
9f74606847
Remove statusCode from details in Array errors
...
This is to preserve behavior from strong-remoting rest adapter
2016-05-25 11:12:31 -04:00
David Cheung
ef72b5c0f1
Include err.message and err.name for debug data
...
err.message and err.name are not enumerable,
therefore needs to be explicited added to the data obj
2016-05-20 11:00:03 -04:00
David Cheung
cfde2a8bb0
Handle error from res.statusCode
2016-05-13 11:27:53 -04:00
Miroslav Bajtoš
225d35994b
Initial implementation
...
The response is always JSON
Options supported: log, debug
2016-05-13 13:10:53 +02:00