bun.sh

mirror of https://github.com/oven-sh/bun synced 2026-02-18 14:51:52 +00:00

Files

Claude Bot 2c8d016c76 fix(server): sanitize Content-Disposition filename to prevent header injection

Strip \r, \n, ", \, and null bytes from filenames used in auto-generated
Content-Disposition headers to prevent CRLF injection / HTTP response
splitting attacks.

Closes #26959

Co-Authored-By: Claude <noreply@anthropic.com>

2026-02-12 07:22:30 +00:00

fixtures

Fix request.url having incorrect port

2023-10-16 15:14:15 -07:00

issue

fix(server): sanitize Content-Disposition filename to prevent header injection

2026-02-12 07:22:30 +00:00

brotli-reset-leak.test.ts

fix: memory leaks in error-handling code for Brotli, Zstd, and Zlib compression state machines (#25592 )

2025-12-18 21:42:14 -08:00

issue23966.test.ts

Fix Buffer.isEncoding('') to return false (#23968 )

2025-10-22 16:15:29 -07:00