Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-03-06 04:21:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

resolve XSS vulnerability in flags pages

Browse Source
This commit is contained in:
Julian Lam
2017-10-13 11:54:05 -04:00
parent 9101400264
commit b44cfacda1
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/flags.js
View File

@@ -4,6 +4,7 @@ var async = require('async');
var _ = require('lodash');
var S = require('string');
var winston = require('winston');
var validator = require('validator');
var db = require('./database');
var user = require('./user');
@@ -92,6 +93,7 @@ Flags.get = function (flagId, callback) {
}, function (err, payload) {
// Final object return construction
next(err, Object.assign(data.base, {
description: validator.escape(data.base.description),
datetimeISO: new Date(parseInt(data.base.datetime, 10)).toISOString(),
target_readable: data.base.type.charAt(0).toUpperCase() + data.base.type.slice(1) + ' ' + data.base.targetId,
target: payload.targetObj,
@@ -200,6 +202,7 @@ Flags.list = function (filters, uid, callback) {
}
next(null, Object.assign(flagObj, {
description: validator.escape(flagObj.description),
target_readable: flagObj.type.charAt(0).toUpperCase() + flagObj.type.slice(1) + ' ' + flagObj.targetId,
datetimeISO: new Date(parseInt(flagObj.datetime, 10)).toISOString(),
}));