yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Tighten valiation around URLs in database fields

Browse Source 
closes #6012
This commit is contained in:
Tom Moor
2023-10-16 19:27:20 -04:00
parent 31cb9c865f
commit 0b7253bb0c
2 changed files with 23 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
server/models/User.test.ts
View File

@@ -13,6 +13,28 @@ afterAll(() => {
}); });
describe("user model", () => { describe("user model", () => {
describe("create", () => {
it("should not allow URLs in name", async () => {
await expect(
buildUser({
name: "www.google.com",
})
).rejects.toThrowError();
await expect(
buildUser({
name: "My name https://malicious.com",
})
).rejects.toThrowError();
await expect(
buildUser({
name: "wwwww",
})
).resolves.toBeDefined();
});
});
describe("destroy", () => { describe("destroy", () => {
it("should delete user authentications", async () => { it("should delete user authentications", async () => {
const user = await buildUser(); const user = await buildUser();

2
server/models/validators/NotContainsUrl.ts
View File

@@ -8,7 +8,7 @@ export default function NotContainsUrl(target: any, propertyName: string) {
return addAttributeOptions(target, propertyName, { return addAttributeOptions(target, propertyName, {
validate: { validate: {
not: { not: {
args: /(www|file:|http:|https:)+[^\s]+[\w]/, args: /(www\.|file:|http:|https:)[^\s]+[\w]/,
msg: "Must not contain a URL", msg: "Must not contain a URL",
}, },
}, },