From 5a60d58d247fe90ea6ff30e6789c09d5c892d80b Mon Sep 17 00:00:00 2001
From: hackademix
Date: Tue, 17 Jul 2018 12:10:17 +0200
Subject: Prevent script injection from messing with
 content-disposition=attachment responses.

---
 src/lib/ContentMetaData.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/ContentMetaData.js b/src/lib/ContentMetaData.js
index da335ad..002a212 100644
--- a/src/lib/ContentMetaData.js
+++ b/src/lib/ContentMetaData.js
@@ -4,7 +4,7 @@ class ContentMetaData {
     let {responseHeaders} = request;
     for (let h of responseHeaders) {
       if (/^\s*Content-(Type|Disposition)\s*$/i.test(h.name)) {
-        this[h.name.split("-")[1].trim().toLowerCase()] = h.value;
+        this[RegExp.$1.toLowerCase()] = h.value;
       }
     }
   }
-- 
cgit v1.2.3