
Commit 870d778

author
Naomi Carrigan
authored
fix: sanitise html (#370)
1 parent fe87daf commit 870d778


4 files changed

+1522
-11839
lines changed


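--- a/apps/anonymous-message-board/controllers/replyHandler.js
+++ b/apps/anonymous-message-board/controllers/replyHandler.js
@@ -1,6 +1,7 @@
 const MongoClient = require("mongodb").MongoClient;
 const ObjectId = require("mongodb").ObjectID;
 const CONNECTION_STRING = process.env.DB_URI;
+const sanitizeHtml = require("sanitize-html");
 
 function ReplyHandler() {
 this.replyList = function (req, res) {
@@ -35,7 +36,7 @@ function ReplyHandler() {
 const now = new Date();
 const reply = {
 _id: new ObjectId(),
-text: req.body.text,
+text: sanitizeHtml(req.body.text),
 created_on: now,
 reported: false,
 delete_password: req.body.delete_password,
@@ -52,7 +53,7 @@ function ReplyHandler() {
 $set: { bumped_on: now },
 $push: { replies: reply },
 },
-() => {}
+() => { }
 );
 }
 );
@@ -73,7 +74,7 @@ function ReplyHandler() {
 "replies._id": new ObjectId(req.body.reply_id),
 },
 { $set: { "replies.$.reported": true } },
-() => {}
+() => { }
 );
 }
 );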
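Review bot: `text: sanitizeHtml(req.body.text)` at new line 39 calls sanitize-html with its default options, which drop scripts and event-handler attributes but still keep a sizeable allowlist of tags and attributes (links, formatting, lists); if board text is meant to be stored and shown as plain text, the stricter form is `text: sanitizeHtml(req.body.text, { allowedTags: [], allowedAttributes: {} })`. The same applies to `text: sanitizeHtml(req.body.text)` in threadHandler.js. Which policy is right depends on whether the front end renders these fields as HTML or as text, which is not visible in this commit, so a comment next to the require recording the decision, e.g. `// sanitize-html defaults: inline formatting kept, scripts/handlers stripped`, would keep the next reader from guessing. The enclosing function starts and ends outside the hunk.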

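--- a/apps/anonymous-message-board/controllers/threadHandler.js
+++ b/apps/anonymous-message-board/controllers/threadHandler.js
@@ -1,6 +1,7 @@
 const MongoClient = require("mongodb").MongoClient;
 const ObjectId = require("mongodb").ObjectID;
 const CONNECTION_STRING = process.env.DB_URI;
+const sanitizeHtml = require("sanitize-html");
 
 function ThreadHandler() {
 this.threadList = function (req, res) {
@@ -41,7 +42,7 @@ function ThreadHandler() {
 this.newThread = function (req, res) {
 const board = req.params.board;
 const thread = {
-text: req.body.text,
+text: sanitizeHtml(req.body.text),
 created_on: new Date(),
 bumped_on: new Date(),
 reported: false,
@@ -73,7 +74,7 @@ function ThreadHandler() {
 collection.findOneAndUpdate(
 { _id: new ObjectId(req.body.report_id) },
 { $set: { reported: true } },
-() => {}
+() => { }
 );
 }
 );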
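Review bot: `() => { }` at new line 77 is the result callback of `collection.findOneAndUpdate`, so any error from the reported-flag write is discarded without a log entry and the request outcome does not depend on whether the update happened; the same no-op callbacks appear at new lines 56 and 77 of replyHandler.js. That was already true before the whitespace reformat, but since the commit rewrites these lines it is a cheap place to make failed moderation writes visible, e.g. `(err) => { if (err) console.error(err); }`. The enclosing function starts outside the hunk, so whether a response has already been sent by the time this callback runs cannot be confirmed here.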

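--- a/apps/anonymous-message-board/package.json
+++ b/apps/anonymous-message-board/package.json
@@ -16,7 +16,8 @@
 "express": "4.18.2",
 "helmet": "3.23.3",
 "mocha": "9.2.2",
-"mongodb": "3.7.3"
+"mongodb": "3.7.3",
+"sanitize-html": "^2.8.1"
 },
 "license": "MIT"
 }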
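Review bot: `"sanitize-html": "^2.8.1"` at new line 20 is the only entry in this block with a caret range; the neighbouring dependencies (`"express": "4.18.2"`, `"helmet": "3.23.3"`, `"mongodb": "3.7.3"`) are pinned to exact versions. Pinning it as `"sanitize-html": "2.8.1"` keeps the sanitiser version deterministic across installs and makes any change to the HTML allowlist behaviour show up as a reviewed diff. Whether a lockfile already fixes the resolved version is not visible in this commit.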
