diff --git a/public/src/utils.common.js b/public/src/utils.common.js
index 4ecf17e4f2..873292d22e 100644
--- a/public/src/utils.common.js
+++ b/public/src/utils.common.js
@@ -300,7 +300,9 @@ const utils = {
 const pattern = (tags || ['']).join('|');
 return String(str).replace(new RegExp('<(\\/)?(' + (pattern || '[^\\s>]+') + ')(\\s+[^<>]*?)?\\s*(\\/)?>', 'gi'), '');
 },
-
+ stripBidiControls: function (input) {
+ return input.replace(/[\u202A-\u202E\u2066-\u2069]/g, '');
+ },
 cleanUpTag: function (tag, maxLength) {
 if (typeof tag !== 'string' || !tag.length) {
 return '';
diff --git a/src/notifications.js b/src/notifications.js
index e71366417e..e7db55cf99 100644
--- a/src/notifications.js
+++ b/src/notifications.js
@@ -177,6 +177,9 @@ Notifications.create = async function (data) {
 if (!result.data) {
 return null;
 }
+ if (data.bodyShort) {
+ data.bodyShort = utils.stripBidiControls(data.bodyShort);
+ }
 await Promise.all([
 db.sortedSetAdd('notifications', now, data.nid),
 db.setObject(`notifications:${data.nid}`, data),
diff --git a/test/utils.js b/test/utils.js
index e9ccbd4108..2e0ce72e8a 100644
--- a/test/utils.js
+++ b/test/utils.js
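Review bot: `stripBidiControls` in public/src/utils.common.js calls `input.replace` with no type check, so any non-string argument throws a TypeError, whereas the neighbouring helpers coerce with `String(str)` or test `typeof tag !== 'string'`. The only guard at the call site added in src/notifications.js is a truthiness test on `data.bodyShort`, so a truthy non-string value would abort Notifications.create at that point. A guard such as `if (typeof input !== 'string') { return input; }` ahead of the replace keeps the sanitizer from becoming a failure point. The scope also deserves a comment, e.g. `// Removes bidi embeddings/overrides (U+202A-U+202E) and isolates (U+2066-U+2069); directional marks such as U+200E/U+200F are left in place`.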
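Review bot: Only `bodyShort` is stripped, and only on this create path in src/notifications.js, so notifications already stored and any other user-influenced text on `data` would still carry bidi controls when rendered. NodeBB notification objects can also hold `bodyLong`; if that field is shown to users it presumably wants the same treatment, e.g. `if (typeof data.bodyLong === 'string') { data.bodyLong = utils.stripBidiControls(data.bodyLong); }`. Stripping again where notification text is output would cover legacy records, though whether that is needed depends on code outside this hunk. Notifications.create starts before and continues past the hunk, so how `data` relates to `result.data` is not visible here.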
@@ -44,6 +44,26 @@ describe('Utility Methods', () => { done(); }); + describe('utils.stripBidiControls', () => { + it('should remove common bidi embedding and override controls', () => { + const input = '\u202AHello\u202C \u202BWorld\u202C \u202DDwellers\u202E'; + const out = utils.stripBidiControls(input); + assert.strictEqual(out, 'Hello World Dwellers'); + }); + + it('should remove bidirectional isolate formatting characters', () => { + const input = '\u2066abc\u2067def\u2068ghi\u2069'; + const out = utils.stripBidiControls(input); + assert.strictEqual(out, 'abcdefghi'); + }); + + it('should leave normal text unchanged', () => { + const input = 'plain text 123'; + const out = utils.stripBidiControls(input); + assert.strictEqual(out, 'plain text 123'); + }); + }); + it('should preserve case if requested', (done) => { assert.strictEqual(slugify('UPPER CASE', true), 'UPPER-CASE'); done();
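Review bot: The only "unchanged" case in the new `utils.stripBidiControls` tests is plain ASCII, so nothing pins that right-to-left letters and directional marks survive, and a later widening of the character class could silently damage RTL text. A case with real RTL letters and a mark would fix the intended scope, for example (constructed sample) `assert.strictEqual(utils.stripBidiControls('\u05E9\u05DC\u05D5\u05DD\u200F abc'), '\u05E9\u05DC\u05D5\u05DD\u200F abc');`. There is also no case for empty or non-string input, which the implementation does not currently guard. The enclosing `describe('Utility Methods', ...)` block starts outside the hunk.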