@tiledesk/tiledesk-server 2.10.101 → 2.10.102
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +3 -0
- package/package.json +8 -6
- package/services/emailService.js +9 -2
- package/test/emailService.js +43 -0
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,9 @@
|
|
|
5
5
|
🚀 IN PRODUCTION 🚀
|
|
6
6
|
(https://www.npmjs.com/package/@tiledesk/tiledesk-server/v/2.3.77)
|
|
7
7
|
|
|
8
|
+
# 2.10.102
|
|
9
|
+
- Update: substituted encode with DOMPurify.sanitize for direct email
|
|
10
|
+
|
|
8
11
|
# 2.10.101
|
|
9
12
|
- Update: messenger-connector to 0.1.27
|
|
10
13
|
- Update: multi-worker to 0.3.3
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@tiledesk/tiledesk-server",
|
|
3
3
|
"description": "The Tiledesk server module",
|
|
4
|
-
"version": "2.10.
|
|
4
|
+
"version": "2.10.102",
|
|
5
5
|
"scripts": {
|
|
6
6
|
"start": "node ./bin/www",
|
|
7
7
|
"pretest": "mongodb-runner start",
|
|
@@ -45,16 +45,15 @@
|
|
|
45
45
|
"@tiledesk/tiledesk-json-rules-engine": "^4.0.3",
|
|
46
46
|
"@tiledesk/tiledesk-kaleyra-proxy": "^0.1.7",
|
|
47
47
|
"@tiledesk/tiledesk-messenger-connector": "^0.1.27",
|
|
48
|
+
"@tiledesk/tiledesk-multi-worker": "^0.3.3",
|
|
48
49
|
"@tiledesk/tiledesk-rasa-connector": "^1.0.10",
|
|
50
|
+
"@tiledesk/tiledesk-sms-connector": "^0.1.11",
|
|
49
51
|
"@tiledesk/tiledesk-telegram-connector": "^0.1.14",
|
|
50
52
|
"@tiledesk/tiledesk-tybot-connector": "^2.0.19",
|
|
53
|
+
"@tiledesk/tiledesk-voice-twilio-connector": "^0.1.22",
|
|
54
|
+
"@tiledesk/tiledesk-vxml-connector": "^0.1.76",
|
|
51
55
|
"@tiledesk/tiledesk-whatsapp-connector": "^0.1.84",
|
|
52
56
|
"@tiledesk/tiledesk-whatsapp-jobworker": "^0.0.12",
|
|
53
|
-
"@tiledesk/tiledesk-sms-connector": "^0.1.11",
|
|
54
|
-
"@tiledesk/tiledesk-vxml-connector": "^0.1.76",
|
|
55
|
-
"@tiledesk/tiledesk-voice-twilio-connector": "^0.1.22",
|
|
56
|
-
"@tiledesk/tiledesk-multi-worker": "^0.3.3",
|
|
57
|
-
"passport-oauth2": "^1.8.0",
|
|
58
57
|
"amqplib": "^0.5.5",
|
|
59
58
|
"app-root-path": "^3.0.0",
|
|
60
59
|
"bcrypt-nodejs": "0.0.3",
|
|
@@ -65,6 +64,7 @@
|
|
|
65
64
|
"cors": "^2.8.5",
|
|
66
65
|
"csv-express": "^1.2.2",
|
|
67
66
|
"debug": "^4.3.4",
|
|
67
|
+
"dompurify": "^3.2.6",
|
|
68
68
|
"dotenv": "^8.6.0",
|
|
69
69
|
"email-templates": "^8.1.0",
|
|
70
70
|
"eventemitter2": "^6.4.4",
|
|
@@ -82,6 +82,7 @@
|
|
|
82
82
|
"immutable": "^4.1.0",
|
|
83
83
|
"jade": "~1.11.0",
|
|
84
84
|
"jobs-worker-queued": "^0.0.5",
|
|
85
|
+
"jsdom": "^26.1.0",
|
|
85
86
|
"jsonwebtoken": "^8.5.1",
|
|
86
87
|
"lodash": "^4.17.21",
|
|
87
88
|
"marked": "^3.0.4",
|
|
@@ -104,6 +105,7 @@
|
|
|
104
105
|
"passport-google-oidc": "^0.1.0",
|
|
105
106
|
"passport-http": "^0.3.0",
|
|
106
107
|
"passport-jwt": "^4.0.0",
|
|
108
|
+
"passport-oauth2": "^1.8.0",
|
|
107
109
|
"pdfmake": "^0.2.5",
|
|
108
110
|
"promise-events": "^0.2.4",
|
|
109
111
|
"request": "^2.88.2",
|
package/services/emailService.js
CHANGED
|
@@ -9,6 +9,11 @@ var handlebars = require('handlebars');
|
|
|
9
9
|
var encode = require('html-entities').encode;
|
|
10
10
|
const emailEvent = require('../event/emailEvent');
|
|
11
11
|
|
|
12
|
+
const createDOMPurify = require('dompurify');
|
|
13
|
+
const { JSDOM } = require('jsdom');
|
|
14
|
+
const window = new JSDOM('').window;
|
|
15
|
+
const DOMPurify = createDOMPurify(window);
|
|
16
|
+
|
|
12
17
|
handlebars.registerHelper('ifEquals', function (arg1, arg2, options) {
|
|
13
18
|
return (arg1 == arg2) ? options.fn(this) : options.inverse(this);
|
|
14
19
|
});
|
|
@@ -1476,13 +1481,15 @@ class EmailService {
|
|
|
1476
1481
|
var baseScope = JSON.parse(JSON.stringify(that));
|
|
1477
1482
|
delete baseScope.pass;
|
|
1478
1483
|
|
|
1479
|
-
|
|
1480
1484
|
let msgText = text;
|
|
1481
|
-
msgText = encode(msgText);
|
|
1482
1485
|
if (this.markdown) {
|
|
1483
1486
|
msgText = marked(msgText);
|
|
1487
|
+
msgText = DOMPurify.sanitize(msgText);
|
|
1488
|
+
} else {
|
|
1489
|
+
msgText = encode(msgText);
|
|
1484
1490
|
}
|
|
1485
1491
|
|
|
1492
|
+
|
|
1486
1493
|
winston.debug("msgText: " + msgText);
|
|
1487
1494
|
winston.debug("baseScope: " + JSON.stringify(baseScope));
|
|
1488
1495
|
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
//During the test the env variable is set to test
|
|
2
|
+
process.env.NODE_ENV = 'test';
|
|
3
|
+
|
|
4
|
+
var expect = require('chai').expect;
|
|
5
|
+
|
|
6
|
+
var assert = require('chai').assert;
|
|
7
|
+
var config = require('../config/database');
|
|
8
|
+
var mongoose = require('mongoose');
|
|
9
|
+
var winston = require('../config/winston');
|
|
10
|
+
|
|
11
|
+
mongoose.connect(config.databasetest);
|
|
12
|
+
|
|
13
|
+
var projectService = require("../services/projectService");
|
|
14
|
+
const emailService = require('../services/emailService');
|
|
15
|
+
|
|
16
|
+
let log = false;
|
|
17
|
+
|
|
18
|
+
describe('EmailService', function () {
|
|
19
|
+
|
|
20
|
+
|
|
21
|
+
it('direct', function (done) {
|
|
22
|
+
var userid = "5badfe5d553d1844ad654072";
|
|
23
|
+
projectService.create("test1", userid).then(function (savedProject) {
|
|
24
|
+
// create(fullname, email, id_project, createdBy)
|
|
25
|
+
|
|
26
|
+
let request_id = "support-group-" + savedProject._id + "-123456";
|
|
27
|
+
|
|
28
|
+
//let text = "this is\n<b>the</b>\ntext";
|
|
29
|
+
//let text = 'this is <script>alert("XSS")</script>';
|
|
30
|
+
let text = 'Go to [Google](https://google.com)';
|
|
31
|
+
emailService.sendEmailDirect("my@email.com", text, savedProject._id, request_id, "Suubject").then((response) => {
|
|
32
|
+
console.log("response: ", response);
|
|
33
|
+
done();
|
|
34
|
+
}).catch((err) => {
|
|
35
|
+
console.error("err: ", err)
|
|
36
|
+
done();
|
|
37
|
+
})
|
|
38
|
+
|
|
39
|
+
|
|
40
|
+
});
|
|
41
|
+
});
|
|
42
|
+
|
|
43
|
+
});
|