Merge pull request +13387 from c9/ide-catch_uri_malformed_errors

decodeURIComponent can throw

plugins/c9.preview/lib/middleware/sanitize-path-param.js

@@ -1,9 +1,16 @@
 "use strict";
 
 var Path = require("path");
+var error = require("http-error");
 
 module.exports = function sanitzePreviewPath(req, res, next) {
-    var normalized = Path.normalize(decodeURIComponent(req.params.path));
+    
+    var normalized;
+    try {
+        normalized = Path.normalize(decodeURIComponent(req.params.path));
+    } catch(e) {
+        return next(new error.BadRequest("URI malformed"));
+    }
 
     // N.B. Path.normalize does not strip away when the path starts with "../"
     if (normalized)