Zac Poorman

icon company Full Time / Contractor / Volunteer icon location Sr. Full Stack Engineer. Bringing Agile and well engineered solutions to every problem.

Results 6 issues of Zac Poorman

added sanitizing for file input

11 comment

This change is [](https://reviewable.io/reviews/mongo-express/mongo-express/981) - - - Fix #980 Let me know if we need to do something else --- Additional changes: - replace `escapeHtml.js` with `html-entities`

security
feature

Vulnerability Scanner Found unsanitized input in collection.js

3 comment

Ran a new scan and found an XSS attack vector, think I have a solution will create PR ![mongo-express-vuls](https://user-images.githubusercontent.com/33203487/191324336-c8d3fe9f-17fd-4fd9-83a2-8c3de478b54d.png)

bug
security

New version needed on NPM

1 comment

We need a new version on npm with the resolved swig-templates to free-swig. I don't know what that takes to do, but I am more than happy to help with...

updates to packages

added handelbars update to patch vulnerability

https://security.snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767 added an updated version of handlebars to patch the issue disclosed here.

Patch for DOMXSS

3 comment

**Note:** Filling out this template is required. Any pull request that does not include enough information to be reviewed in a timely manner may be closed at the maintainer's discretion....