forked from Mirrors/keyoxide-web
fix: avoid shadowing escape
This commit is contained in:
parent
a57d24ad6a
commit
567130f634
2 changed files with 5 additions and 5 deletions
|
@ -38,7 +38,7 @@ router.get('/', function (req, res) {
|
|||
router.get('/profile-url', function (req, res) {
|
||||
res.render('util/profile-url', { meta: getMetaFromReq(req) })
|
||||
})
|
||||
router.get('/profile-url/:input',
|
||||
router.get('/profile-url/:input',
|
||||
escapedParam('input'),
|
||||
function (req, res) {
|
||||
res.render('util/profile-url', { input: req.params.input, meta: getMetaFromReq(req) })
|
||||
|
|
|
@ -156,17 +156,17 @@ export function generateProfileTheme (/** @type {Profile} */ profile) {
|
|||
|
||||
const reEmailLike = /(<[^\s@<>]+@[^\s@<>]+>)/
|
||||
|
||||
export function escapedParam(name) {
|
||||
export function escapedParam (/** @type {String} */ name) {
|
||||
return param(name).customSanitizer(value => {
|
||||
return value.split(reEmailLike).map(token => {
|
||||
if (reEmailLike.test(token)) return token
|
||||
return escape(token)
|
||||
return escapeString(token)
|
||||
}).join('')
|
||||
})
|
||||
}
|
||||
|
||||
// Copied from https://github.com/validatorjs/validator.js/blob/b958bd7d1026a434ad3bf90064d3dcb8b775f1a9/src/lib/escape.js
|
||||
function escape(input) {
|
||||
// Copied from https://github.com/validatorjs/validator.js/blob/b958bd7d1026a434ad3bf90064d3dcb8b775f1a9/src/lib/escapeString.js
|
||||
function escapeString (/** @type {String} */ input) {
|
||||
return (input.replace(/&/g, '&')
|
||||
.replace(/"/g, '"')
|
||||
.replace(/'/g, ''')
|
||||
|
|
Loading…
Reference in a new issue