Issue: 2991

malicious file name leads to code execution

[issue link]

Hello there,

it might be unintended, that javascript code can be injected to the generated .nuxt/router.js file by crafting a maliciously named file inside of the /pages/ dir.

For example, placing a file named ');console.log('hello') && ('.vue inside of the pages directory will lead to JS code execution both on the server and the client.

This question is available on Nuxt.js community (#c2593)