mirror of
https://github.com/screentinker/screentinker.git
synced 2026-05-15 07:32:23 -06:00
14 lines
698 B
JavaScript
14 lines
698 B
JavaScript
// HTML escape helper — prevents XSS when inserting user data into innerHTML
|
|
export function esc(str) {
|
|
if (str == null) return '';
|
|
return String(str).replace(/&/g,'&').replace(/</g,'<').replace(/>/g,'>').replace(/"/g,'"').replace(/'/g,''');
|
|
}
|
|
|
|
// Phase 2.1: the Phase 1 schema migration renamed the legacy 'superadmin'
|
|
// role to 'platform_admin'. Existing frontend checks still match the old
|
|
// string; this helper accepts both so we don't have to splatter the array
|
|
// at every call site. Use everywhere the UI gates on platform-level access.
|
|
export function isPlatformAdmin(user) {
|
|
return !!(user && (user.role === 'superadmin' || user.role === 'platform_admin'));
|
|
}
|