commented xss middleware

Grzegorz Leoniec 2018-10-29 13:54:12 +01:00
parent 00cc53e045
commit 4e153c9ce8


@ -76,6 +76,7 @@ function clean (dirty) {
return { return {
tagName: 'img', tagName: 'img',
attribs: { attribs: {
// TODO: use environment variables
src: `http://localhost:3050/images?url=${src}` src: `http://localhost:3050/images?url=${src}`
} }
} }
@ -83,14 +84,20 @@ function clean (dirty) {
} }
}) })
// remove empty html tags and duplicated returns // remove empty html tags and duplicated linebreaks and returns
dirty = dirty dirty = dirty
// remove all tags with "space only"
.replace(/<[a-z]>[\s]*<\/[a-z]>/igm, '') .replace(/<[a-z]>[\s]*<\/[a-z]>/igm, '')
// remove all iframes
.replace(/(<iframe(?!.*?src=(['"]).*?\2)[^>]*)(>)[^>]*\/*>/igm, '') .replace(/(<iframe(?!.*?src=(['"]).*?\2)[^>]*)(>)[^>]*\/*>/igm, '')
.replace(/<p>[\s]*(<br ?\/?>)+[\s]*<\/p>/igm, '<br />') // replace all p tags with line breaks (and spaces) only by single linebreaks
.replace(/(<br ?\/?>){2,}/igm, '<br />') .replace(/<p>[\s]*(<br ?\/?>)+[\s]*<\/p>/igm, '<br>')
// replace multiple linebreaks with single ones
// limit linebreaks to max 2 (equivalent to html "br" linebreak)
.replace(/(<br ?\/?>){2,}/igm, '<br>')
.replace(/[\n]{3,}/igm, '\n\n') .replace(/[\n]{3,}/igm, '\n\n')
.replace(/(\r\n|\n\r|\r|\n)/g, '<br>$1') .replace(/(\r\n|\n\r|\r|\n)/g, '<br>$1')
// remove additional linebreaks inside p tags
.replace(/<p><br><\/p>/g, '') .replace(/<p><br><\/p>/g, '')
return dirty return dirty
} }
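Review bot: The new comment `// remove all iframes` in the second hunk overstates what the pattern below it does. The negative lookahead `(?!.*?src=(['"]).*?\2)` skips any iframe that carries a quoted `src`, so only iframes without one are stripped, and a maintainer reading the comment could wrongly treat this step as an iframe filter. I would word it `// remove iframes that have no quoted src attribute (iframes with a src are left in place)`. The start of `clean` is outside the hunk, so whether an earlier sanitizer pass already drops iframes cannot be confirmed from here. Separately, in the first hunk `${src}` is interpolated into the proxy query string unencoded, so a source URL containing `&` or `#` changes the parameters the image endpoint receives; `encodeURIComponent(src)` would be worth applying when the TODO is picked up.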