To sanitize a file path you can use https://golang.org/pkg/path/#Clean , but you probably want to use https://golang.org/pkg/path/#Base . The reason is that depending on the browser/client, you may get a path containing slashes, or you may get just the base filename. So it's better to just extract the base filename and treat everyone the same. David
On Wed, Aug 30, 2017, at 10:44 AM, gocss wrote: > Is there go code to sanitize a filename [or filename(s) if <input > type=file ... multiple>] when the handler is processing them so as to > detect things such as ../ that might be buried within them ?> > Also is there a way to find out the full pathname? > > -- > You received this message because you are subscribed to the Google > Groups "golang-nuts" group.> To unsubscribe from this group and stop > receiving emails from it, > send an email to golang-nuts+unsubscr...@googlegroups.com.> For more > options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
