From 49347a0a8b64559192d8f29f1237308025a48fd4 Mon Sep 17 00:00:00 2001
From: Chocobozzz <florian.bigard@gmail.com>
Date: Tue, 17 Oct 2017 16:53:10 +0200
Subject: Escape opengraph/oembed tags

---
 server/helpers/core-utils.ts | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'server/helpers')

diff --git a/server/helpers/core-utils.ts b/server/helpers/core-utils.ts
index 3118dc500..33bbdca8b 100644
--- a/server/helpers/core-utils.ts
+++ b/server/helpers/core-utils.ts
@@ -38,6 +38,22 @@ function root () {
   return join.apply(null, paths)
 }
 
+// Thanks: https://stackoverflow.com/a/12034334
+function escapeHTML (stringParam) {
+  const entityMap = {
+    '&': '&amp;',
+    '<': '&lt;',
+    '>': '&gt;',
+    '"': '&quot;',
+    "'": '&#39;',
+    '/': '&#x2F;',
+    '`': '&#x60;',
+    '=': '&#x3D;'
+  }
+
+  return String(stringParam).replace(/[&<>"'`=\/]/g, s => entityMap[s])
+}
+
 function promisify0<A> (func: (cb: (err: any, result: A) => void) => void): () => Promise<A> {
   return function promisified (): Promise<A> {
     return new Promise<A>((resolve: (arg: A) => void, reject: (err: any) => void) => {
@@ -101,6 +117,7 @@ const statPromise = promisify1<string, Stats>(stat)
 export {
   isTestInstance,
   root,
+  escapeHTML,
 
   promisify0,
   promisify1,
-- 
cgit v1.2.3