ocelot-Social-Community/Ocelot-Social
1
0
Fork 0
mirror of https://github.com/Ocelot-Social-Community/Ocelot-Social.git synced 2025-12-13 07:46:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

do not sanitize description of embed

Browse Source
This commit is contained in:
Moriz Wahl 2022-11-24 18:24:53 +01:00
parent cff0d1601f
commit 3e6566bff5
2 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
backend/src/helpers/walkRecursive.js
View File

@ -2,24 +2,26 @@
* iterate through all fields and replace it with the callback result
* @property data Array
* @property fields Array
* @property fieldName String
* @property callback Function
*/
function walkRecursive(data, fields, callback, _key) {
function walkRecursive(data, fields, fieldName, callback, _key) {
if (!Array.isArray(fields)) {
throw new Error('please provide an fields array for the walkRecursive helper')
}
if (data && typeof data === 'string' && fields.includes(_key)) {
// well we found what we searched for, lets replace the value with our callback result
data = callback(data, _key)
const key = _key.split('!')
if (key.length === 1 || key[1] !== fieldName) data = callback(data, _key)
} else if (data && Array.isArray(data)) {
// go into the rabbit hole and dig through that array
data.forEach((res, index) => {
data[index] = walkRecursive(data[index], fields, callback, index)
data[index] = walkRecursive(data[index], fields, fieldName, callback, index)
})
} else if (data && typeof data === 'object') {
// lets get some keys and stir them
Object.keys(data).forEach((k) => {
data[k] = walkRecursive(data[k], fields, callback, k)
data[k] = walkRecursive(data[k], fields, fieldName, callback, k)
})
}
return data

7
backend/src/middleware/xssMiddleware.js
View File

@ -1,21 +1,22 @@
import walkRecursive from '../helpers/walkRecursive'
import { cleanHtml } from '../middleware/helpers/cleanHtml.js'
// exclamation mark separetes field names, that should not be sanitized
const fields = [
'content',
'contentExcerpt',
'reasonDescription',
'description',
'description!embed',
'descriptionExcerpt',
]
export default {
Mutation: async (resolve, root, args, context, info) => {
args = walkRecursive(args, fields, cleanHtml)
args = walkRecursive(args, fields, info.fieldName, cleanHtml)
return resolve(root, args, context, info)
},
Query: async (resolve, root, args, context, info) => {
const result = await resolve(root, args, context, info)
return walkRecursive(result, fields, cleanHtml)
return walkRecursive(result, fields, info.fieldName, cleanHtml)
},
}