Escape opengraph/oembed tags

author: Chocobozzz <florian.bigard@gmail.com> 2017-10-17 16:53:10 +0200
committer: Chocobozzz <florian.bigard@gmail.com> 2017-10-17 16:53:10 +0200
commit: 49347a0a8b64559192d8f29f1237308025a48fd4 (patch)
tree: fca36cdbd9d0259313234c7e5703276f672364e9 /server/helpers
parent: c6e0bfbf582205410bf166118956a368f6a4cbaa (diff)
download: PeerTube-49347a0a8b64559192d8f29f1237308025a48fd4.tar.gz
PeerTube-49347a0a8b64559192d8f29f1237308025a48fd4.tar.zst
PeerTube-49347a0a8b64559192d8f29f1237308025a48fd4.zip
1 files changed, 17 insertions, 0 deletions
diff --git a/server/helpers/core-utils.ts b/server/helpers/core-utils.ts
index 3118dc500..33bbdca8b 100644
--- a/server/helpers/core-utils.ts
+++ b/server/helpers/core-utils.ts
@@ -38,6 +38,22 @@ function root () {
  return join.apply(null, paths)
 }
+// Thanks: https://stackoverflow.com/a/12034334
+function escapeHTML (stringParam) {
+  const entityMap = {
+    '&': '&amp;',
+    '<': '&lt;',
+    '>': '&gt;',
+    '"': '&quot;',
+    "'": '&#39;',
+    '/': '&#x2F;',
+    '`': '&#x60;',
+    '=': '&#x3D;'
+  }
+  return String(stringParam).replace(/[&<>"'`=\/]/g, s => entityMap[s])
+}
 function promisify0<A> (func: (cb: (err: any, result: A) => void) => void): () => Promise<A> {
  return function promisified (): Promise<A> {
    return new Promise<A>((resolve: (arg: A) => void, reject: (err: any) => void) => {
@@ -101,6 +117,7 @@ const statPromise = promisify1<string, Stats>(stat)
 export {
  isTestInstance,
  root,
+  escapeHTML,
  promisify0,
  promisify1,
author	Chocobozzz <florian.bigard@gmail.com>	2017-10-17 16:53:10 +0200
committer	Chocobozzz <florian.bigard@gmail.com>	2017-10-17 16:53:10 +0200
commit	49347a0a8b64559192d8f29f1237308025a48fd4 (patch)
tree	fca36cdbd9d0259313234c7e5703276f672364e9 /server/helpers
parent	c6e0bfbf582205410bf166118956a368f6a4cbaa (diff)
download	PeerTube-49347a0a8b64559192d8f29f1237308025a48fd4.tar.gz PeerTube-49347a0a8b64559192d8f29f1237308025a48fd4.tar.zst PeerTube-49347a0a8b64559192d8f29f1237308025a48fd4.zip

diff --git a/server/helpers/core-utils.ts b/server/helpers/core-utils.ts index 3118dc500..33bbdca8b 100644 --- a/server/helpers/core-utils.ts +++ b/server/helpers/core-utils.ts
@@ -38,6 +38,22 @@ function root () {
38	return join.apply(null, paths)	38	return join.apply(null, paths)
39	}	39	}
40		40
		41	// Thanks: https://stackoverflow.com/a/12034334
		42	function escapeHTML (stringParam) {
		43	const entityMap = {
		44	'&': '&',
		45	'<': '<',
		46	'>': '>',
		47	'"': '"',
		48	"'": ''',
		49	'/': '/',
		50	'`': '`',
		51	'=': '='
		52	}
		53
		54	return String(stringParam).replace(/[&<>"'`=\/]/g, s => entityMap[s])
		55	}
		56
41	function promisify0<A> (func: (cb: (err: any, result: A) => void) => void): () => Promise<A> {	57	function promisify0<A> (func: (cb: (err: any, result: A) => void) => void): () => Promise<A> {
42	return function promisified (): Promise<A> {	58	return function promisified (): Promise<A> {
43	return new Promise<A>((resolve: (arg: A) => void, reject: (err: any) => void) => {	59	return new Promise<A>((resolve: (arg: A) => void, reject: (err: any) => void) => {
@@ -101,6 +117,7 @@ const statPromise = promisify1<string, Stats>(stat)
101	export {	117	export {
102	isTestInstance,	118	isTestInstance,
103	root,	119	root,
		120	escapeHTML,
104		121
105	promisify0,	122	promisify0,
106	promisify1,	123	promisify1,