fix(prerender): skip writing routes with `..` or outside of public dir

fix(prerender): skip writing routes with `..` or outside of public dir · nitrojs/nitro@50b3bc5

Original file line number	Diff line number	Diff line change
`@@ -154,8 +154,8 @@ export async function prerender(nitro: Nitro) {`
`154`	`154`	`};`
`155`	`155`
`156`	`156`	`const canWriteToDisk = (route: PrerenderRoute) => {`
`157`		`-// Cannot write routes with query`
`158`		`-if (route.route.includes("?")) {`
	`157`	`+// Cannot write routes with query or containing ..`
	`158`	`+if (route.route.includes("?") \|\| route.route.includes("..")) {`
`159`	`159`	`return false;`
`160`	`160`	`}`
`161`	`161`
`@@ -291,8 +291,8 @@ export async function prerender(nitro: Nitro) {`
`291`	`291`	`}`
`292`	`292`
`293`	`293`	`// Write to the disk`
`294`		`-if (canWriteToDisk(_route)) {`
`295`		`- const filePath = join(nitro.options.output.publicDir, _route.fileName);`
	`294`	`+const filePath = join(nitro.options.output.publicDir, _route.fileName);`
	`295`	`+if (canWriteToDisk(_route) && filePath.startsWith(nitro.options.output.publicDir)) {`
`296`	`296`	`await writeFile(filePath, dataBuff!);`
`297`	`297`	`nitro._prerenderedRoutes!.push(_route);`
`298`	`298`	`} else {`