aboutsummaryrefslogtreecommitdiffhomepage
path: root/server
diff options
context:
space:
mode:
Diffstat (limited to 'server')
-rw-r--r--server/controllers/client.ts19
-rw-r--r--server/helpers/core-utils.ts17
2 files changed, 28 insertions, 8 deletions
diff --git a/server/controllers/client.ts b/server/controllers/client.ts
index e3c962058..6a2ac4aab 100644
--- a/server/controllers/client.ts
+++ b/server/controllers/client.ts
@@ -10,7 +10,7 @@ import {
10 STATIC_MAX_AGE, 10 STATIC_MAX_AGE,
11 OPENGRAPH_AND_OEMBED_COMMENT 11 OPENGRAPH_AND_OEMBED_COMMENT
12} from '../initializers' 12} from '../initializers'
13import { root, readFileBufferPromise } from '../helpers' 13import { root, readFileBufferPromise, escapeHTML } from '../helpers'
14import { VideoInstance } from '../models' 14import { VideoInstance } from '../models'
15 15
16const clientsRouter = express.Router() 16const clientsRouter = express.Router()
@@ -47,21 +47,24 @@ function addOpenGraphAndOEmbedTags (htmlStringPage: string, video: VideoInstance
47 const previewUrl = CONFIG.WEBSERVER.URL + STATIC_PATHS.PREVIEWS + video.getPreviewName() 47 const previewUrl = CONFIG.WEBSERVER.URL + STATIC_PATHS.PREVIEWS + video.getPreviewName()
48 const videoUrl = CONFIG.WEBSERVER.URL + '/videos/watch/' + video.uuid 48 const videoUrl = CONFIG.WEBSERVER.URL + '/videos/watch/' + video.uuid
49 49
50 const videoName = escapeHTML(video.name)
51 const videoDescription = escapeHTML(video.description)
52
50 const openGraphMetaTags = { 53 const openGraphMetaTags = {
51 'og:type': 'video', 54 'og:type': 'video',
52 'og:title': video.name, 55 'og:title': videoName,
53 'og:image': previewUrl, 56 'og:image': previewUrl,
54 'og:url': videoUrl, 57 'og:url': videoUrl,
55 'og:description': video.description, 58 'og:description': videoDescription,
56 59
57 'name': video.name, 60 'name': videoName,
58 'description': video.description, 61 'description': videoDescription,
59 'image': previewUrl, 62 'image': previewUrl,
60 63
61 'twitter:card': 'summary_large_image', 64 'twitter:card': 'summary_large_image',
62 'twitter:site': '@Chocobozzz', 65 'twitter:site': '@Chocobozzz',
63 'twitter:title': video.name, 66 'twitter:title': videoName,
64 'twitter:description': video.description, 67 'twitter:description': videoDescription,
65 'twitter:image': previewUrl 68 'twitter:image': previewUrl
66 } 69 }
67 70
@@ -69,7 +72,7 @@ function addOpenGraphAndOEmbedTags (htmlStringPage: string, video: VideoInstance
69 { 72 {
70 type: 'application/json+oembed', 73 type: 'application/json+oembed',
71 href: CONFIG.WEBSERVER.URL + '/services/oembed?url=' + encodeURIComponent(videoUrl), 74 href: CONFIG.WEBSERVER.URL + '/services/oembed?url=' + encodeURIComponent(videoUrl),
72 title: video.name 75 title: videoName
73 } 76 }
74 ] 77 ]
75 78
diff --git a/server/helpers/core-utils.ts b/server/helpers/core-utils.ts
index 3118dc500..33bbdca8b 100644
--- a/server/helpers/core-utils.ts
+++ b/server/helpers/core-utils.ts
@@ -38,6 +38,22 @@ function root () {
38 return join.apply(null, paths) 38 return join.apply(null, paths)
39} 39}
40 40
41// Thanks: https://stackoverflow.com/a/12034334
42function escapeHTML (stringParam) {
43 const entityMap = {
44 '&': '&',
45 '<': '&lt;',
46 '>': '&gt;',
47 '"': '&quot;',
48 "'": '&#39;',
49 '/': '&#x2F;',
50 '`': '&#x60;',
51 '=': '&#x3D;'
52 }
53
54 return String(stringParam).replace(/[&<>"'`=\/]/g, s => entityMap[s])
55}
56
41function promisify0<A> (func: (cb: (err: any, result: A) => void) => void): () => Promise<A> { 57function promisify0<A> (func: (cb: (err: any, result: A) => void) => void): () => Promise<A> {
42 return function promisified (): Promise<A> { 58 return function promisified (): Promise<A> {
43 return new Promise<A>((resolve: (arg: A) => void, reject: (err: any) => void) => { 59 return new Promise<A>((resolve: (arg: A) => void, reject: (err: any) => void) => {
@@ -101,6 +117,7 @@ const statPromise = promisify1<string, Stats>(stat)
101export { 117export {
102 isTestInstance, 118 isTestInstance,
103 root, 119 root,
120 escapeHTML,
104 121
105 promisify0, 122 promisify0,
106 promisify1, 123 promisify1,