@joystick.js/node-canary 0.0.0-canary.35 → 0.0.0-canary.37
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { isObject } from "../../validation/lib/typeValidators";
|
|
2
|
+
import escapeKeyValuePair from "../../lib/escapeKeyValuePair.js";
|
|
2
3
|
var getBrowserSafeUser_default = (user = null) => {
|
|
3
4
|
if (!user || !isObject(user)) {
|
|
4
5
|
return null;
|
|
@@ -16,7 +17,7 @@ var getBrowserSafeUser_default = (user = null) => {
|
|
|
16
17
|
return fields;
|
|
17
18
|
}
|
|
18
19
|
}, {});
|
|
19
|
-
return browserSafeUser;
|
|
20
|
+
return escapeKeyValuePair(browserSafeUser);
|
|
20
21
|
};
|
|
21
22
|
export {
|
|
22
23
|
getBrowserSafeUser_default as default
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
import getBrowserSafeUser from "./accounts/getBrowserSafeUser";
|
|
2
|
-
import
|
|
2
|
+
import escapeKeyValuePair from "../lib/escapeKeyValuePair.js";
|
|
3
3
|
var getBrowserSafeRequest_default = (req = {}) => {
|
|
4
4
|
const browserSafeRequest = {};
|
|
5
|
-
browserSafeRequest.params =
|
|
6
|
-
browserSafeRequest.query =
|
|
5
|
+
browserSafeRequest.params = escapeKeyValuePair(req.params);
|
|
6
|
+
browserSafeRequest.query = escapeKeyValuePair(req.query);
|
|
7
7
|
browserSafeRequest.context = {
|
|
8
8
|
user: getBrowserSafeUser(req.context.user)
|
|
9
9
|
};
|
|
@@ -9,6 +9,7 @@ import replaceFileProtocol from "../../lib/replaceFileProtocol.js";
|
|
|
9
9
|
import replaceBackslashesWithForwardSlashes from "../../lib/replaceBackslashesWithForwardSlashes.js";
|
|
10
10
|
import getBuildPath from "../../lib/getBuildPath.js";
|
|
11
11
|
import escapeHTML from "../../lib/escapeHTML.js";
|
|
12
|
+
import escapeKeyValuePair from "../../lib/escapeKeyValuePair.js";
|
|
12
13
|
const generateHash = (input = "") => {
|
|
13
14
|
return crypto.createHash("sha256").update(input).digest("hex");
|
|
14
15
|
};
|
|
@@ -66,8 +67,8 @@ const getCachedHTML = ({ cachePath, cacheFileName, currentDiff }) => {
|
|
|
66
67
|
const getUrl = (request = {}) => {
|
|
67
68
|
const [path = null] = request.url?.split("?");
|
|
68
69
|
return {
|
|
69
|
-
params:
|
|
70
|
-
query:
|
|
70
|
+
params: escapeKeyValuePair(request.params),
|
|
71
|
+
query: escapeKeyValuePair(request.query),
|
|
71
72
|
route: escapeHTML(request.route.path),
|
|
72
73
|
path: escapeHTML(path)
|
|
73
74
|
};
|
|
@@ -1,19 +1,7 @@
|
|
|
1
|
-
import
|
|
2
|
-
const sanitizeParameterSet = (parameters = [], target = {}) => {
|
|
3
|
-
for (let i = 0; i < parameters?.length; i += 1) {
|
|
4
|
-
const [key, value] = parameters[i];
|
|
5
|
-
delete target[key];
|
|
6
|
-
target[escapeHTML(key)] = escapeHTML(value);
|
|
7
|
-
}
|
|
8
|
-
};
|
|
1
|
+
import escapeKeyValuePair from "../../lib/escapeKeyValuePair.js";
|
|
9
2
|
var sanitizeRequestParameters_default = (req, res, next) => {
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
sanitizeParameterSet(parameters, req?.params);
|
|
13
|
-
sanitizeParameterSet(queryParameters, req?.query);
|
|
14
|
-
if (req?.route?.path) {
|
|
15
|
-
req.route.path = escapeHTML(req?.route?.path);
|
|
16
|
-
}
|
|
3
|
+
req.params = escapeKeyValuePair(req.params);
|
|
4
|
+
req.query = escapeKeyValuePair(req.query);
|
|
17
5
|
next();
|
|
18
6
|
};
|
|
19
7
|
export {
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import escapeHTML from "./escapeHTML.js";
|
|
2
|
+
var escapeKeyValuePair_default = (target = {}) => {
|
|
3
|
+
const parameters = Object.entries(target || {});
|
|
4
|
+
for (let i = 0; i < parameters?.length; i += 1) {
|
|
5
|
+
const [key, value] = parameters[i];
|
|
6
|
+
delete target[key];
|
|
7
|
+
target[escapeHTML(key)] = escapeHTML(value);
|
|
8
|
+
}
|
|
9
|
+
return target;
|
|
10
|
+
};
|
|
11
|
+
export {
|
|
12
|
+
escapeKeyValuePair_default as default
|
|
13
|
+
};
|