Monorepo for wisp.place. A static site hosting service built on top of the AT Protocol. wisp.place
/**
 * Reduce a caller-supplied file path to a relative path without traversal segments.
 *
 * The input is split on `/`. Empty segments (which covers leading, trailing and
 * repeated slashes), `.`, `..`, and any segment containing a NUL character are
 * dropped; the surviving segments are joined back together with `/`.
 *
 * NOTE(review): only `/` is treated as a separator and the input is not decoded
 * here, so a backslash-separated or percent-encoded `..` passes through unchanged
 * inside its segment. If callers resolve the result against a base directory, they
 * should still check that the resolved path stays inside that base, and decode
 * before calling. Confirm against the call sites.
 *
 * @param filePath - Path to clean; treat as untrusted input.
 * @returns The kept segments joined by `/`; the empty string when none survive.
 */
export function sanitizePath(filePath: string): string {
  const kept: string[] = [];

  for (const part of filePath.split('/')) {
    // Empty parts come from leading, trailing or doubled slashes.
    if (part === '' || part === '.') continue;
    // Parent-directory references are dropped, not resolved.
    if (part === '..') continue;
    // A NUL anywhere in the segment discards the whole segment.
    if (part.includes('\0')) continue;
    kept.push(part);
  }

  return kept.join('/');
}

/**
 * Strip the first path segment: everything up to and including the first `/`.
 *
 * A path with no `/` is returned unchanged, and a path that starts with `/`
 * loses only that slash. Only one segment is removed per call.
 *
 * @param path - Path whose leading folder name should be removed.
 * @returns The remainder of the path after the first `/`.
 */
export function normalizePath(path: string): string {
  const firstSlash = path.indexOf('/');
  if (firstSlash === -1) {
    return path;
  }
  return path.slice(firstSlash + 1);
}