27 lines
668 B
TypeScript
27 lines
668 B
TypeScript
import path from "node:path";
|
|
|
|
export function sanitizeUntrustedFileName(fileName: string, fallbackName: string): string {
|
|
const trimmed = String(fileName ?? "").trim();
|
|
if (!trimmed) {
|
|
return fallbackName;
|
|
}
|
|
let base = path.posix.basename(trimmed);
|
|
base = path.win32.basename(base);
|
|
let cleaned = "";
|
|
for (let i = 0; i < base.length; i++) {
|
|
const code = base.charCodeAt(i);
|
|
if (code < 0x20 || code === 0x7f) {
|
|
continue;
|
|
}
|
|
cleaned += base[i];
|
|
}
|
|
base = cleaned.trim();
|
|
if (!base || base === "." || base === "..") {
|
|
return fallbackName;
|
|
}
|
|
if (base.length > 200) {
|
|
base = base.slice(0, 200);
|
|
}
|
|
return base;
|
|
}
|