doc: add alert on REPL from TCP socket

PR-URL: https://github.com/nodejs/node/pull/54594
Refs: https://hackerone.com/reports/2684357
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Rafael Gonzaga 2024-08-30 11:33:06 -03:00 committed by GitHub
parent 9a275e15c3
commit 5a22d8e013
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 0 deletions

@ -774,6 +774,14 @@ a `net.Server` and `net.Socket` instance, see:
For an example of running a REPL instance over [`curl(1)`][], see:
<https://gist.github.com/TooTallNate/2053342>.
This example is intended purely for educational purposes to demonstrate how
Node.js REPLs can be started using different I/O streams.
It should **not** be used in production environments or any context where security
is a concern without additional protective measures.
If you need to implement REPLs in a real-world application, consider alternative
approaches that mitigate these risks, such as using secure input mechanisms and
avoiding open network interfaces.
[TTY keybindings]: readline.md#tty-keybindings
[ZSH]: https://en.wikipedia.org/wiki/Z_shell
[`'uncaughtException'`]: process.md#event-uncaughtexception
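
Review bot: "these risks" in the last added sentence has no antecedent, because the paragraph never says what the risk is. State it directly, for example that a REPL evaluates whatever JavaScript it receives, so anyone who can reach the stream can run code in the process. "This example" is also ambiguous: the paragraph follows the `curl(1)` gist, but the context just above points to a `net.Server` and `net.Socket` example as well, and the commit title is about the TCP socket case, so say which examples the warning covers. "additional protective measures" and "secure input mechanisms" give the reader nothing to act on; naming one or two concrete options, such as listening only on a local interface or requiring authentication, would help. Minor: the line starting "It should **not** be used" runs past 80 columns and should be rewrapped.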