yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Escape user defined values (regressed just now bc7052b7ca)

Browse Source
This commit is contained in:
Tom Moor
2022-05-22 11:10:59 +01:00
parent 45c082f137
commit a78ad8dec2
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
server/routes/index.ts
View File

@@ -5,6 +5,7 @@ import Koa, { Context, Next } from "koa";
import Router from "koa-router"; import Router from "koa-router";
import send from "koa-send"; import send from "koa-send";
import serve from "koa-static"; import serve from "koa-static";
import { escape } from "lodash";
import isUUID from "validator/lib/isUUID"; import isUUID from "validator/lib/isUUID";
import { languages } from "@shared/i18n"; import { languages } from "@shared/i18n";
import env from "@server/env"; import env from "@server/env";
@@ -70,8 +71,8 @@ const renderApp = async (
ctx.body = page ctx.body = page
.toString() .toString()
.replace(/\/\/inject-env\/\//g, environment) .replace(/\/\/inject-env\/\//g, environment)
.replace(/\/\/inject-title\/\//g, title) .replace(/\/\/inject-title\/\//g, escape(title))
.replace(/\/\/inject-description\/\//g, description) .replace(/\/\/inject-description\/\//g, escape(description))
.replace(/\/\/inject-canonical\/\//g, canonical) .replace(/\/\/inject-canonical\/\//g, canonical)
.replace(/\/\/inject-prefetch\/\//g, shareId ? "" : prefetchTags) .replace(/\/\/inject-prefetch\/\//g, shareId ? "" : prefetchTags)
.replace(/\/\/inject-slack-app-id\/\//g, env.SLACK_APP_ID || ""); .replace(/\/\/inject-slack-app-id\/\//g, env.SLACK_APP_ID || "");