Replace regex with html escape (so people can *try* to do funny, but fail :)

Christopher Cookman 2024-12-15 09:32:57 -07:00
parent f9ddc3513f
commit b767bad677
3 changed files with 3 additions and 1 deletions


@ -421,7 +421,7 @@ app.post('/api/v1/user/directory', (req, res) => { // Create a new directory ent
} }
// Remove html // Remove html
name = name.replace(/<[^>]*>?/gm, ''); name = require("escape-html")(name);
const route = req.session.userData.id; const route = req.session.userData.id;
// If number already exists, update, otherwise insert // If number already exists, update, otherwise insert
db.get('SELECT * FROM directory WHERE number = ? AND route = ?', [number, route], (err, row) => { db.get('SELECT * FROM directory WHERE number = ? AND route = ?', [number, route], (err, row) => {
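Review bot: The new line `name = require("escape-html")(name);` encodes `name` at input time, so the value that reaches the directory insert/update (presumably further down, outside this hunk) is entity-encoded text rather than what the user submitted. That binds the stored data to a single output context: if it is later rendered through EJS `<%= %>` it would be escaped twice, and rows written before this commit remain only tag-stripped, so output sites cannot treat the column as uniformly safe. I would keep the raw string in the database and escape at each render site; if input-time escaping stays, update the stale comment to `// HTML-escape name (encodes & < > " ')` since nothing is removed any more. The inline call should also become a top-level `const escapeHtml = require('escape-html');` with `name = escapeHtml(name);` here. The route handler starts and ends outside this hunk.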

1
package-lock.json generated

@ -12,6 +12,7 @@
"bcrypt": "^5.1.1", "bcrypt": "^5.1.1",
"dotenv": "^16.4.7", "dotenv": "^16.4.7",
"ejs": "^3.1.10", "ejs": "^3.1.10",
"escape-html": "^1.0.3",
"express": "^4.21.2", "express": "^4.21.2",
"express-session": "^1.18.1", "express-session": "^1.18.1",
"session-file-store": "^1.5.0", "session-file-store": "^1.5.0",


@ -13,6 +13,7 @@
"bcrypt": "^5.1.1", "bcrypt": "^5.1.1",
"dotenv": "^16.4.7", "dotenv": "^16.4.7",
"ejs": "^3.1.10", "ejs": "^3.1.10",
"escape-html": "^1.0.3",
"express": "^4.21.2", "express": "^4.21.2",
"express-session": "^1.18.1", "express-session": "^1.18.1",
"session-file-store": "^1.5.0", "session-file-store": "^1.5.0",