Improved sanatization for server-side templating.

src/controllers/tooltip/altListController.js

@@ -16,6 +16,7 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.*/
 
 //NPM Imports
 const {validationResult, matchedData} = require('express-validator');
+const validator = require('validator');//Because sometimes one isn't enough...
 
 //local imports
 const {userModel} = require('../../schemas/user/userSchema');
@@ -34,7 +35,7 @@ module.exports.get = async function(req, res){
                 return errorHandler(res, 'Cannot get alts for non-existant user!');
             }
 
-            return res.render('partial/tooltip/altList', {alts: await userDB.getAltProfiles()});
+            return res.render('partial/tooltip/altList', {alts: await userDB.getAltProfiles(), unescape: validator.unescape});
         }else{
             res.status(400);
             return res.send({errors: validResult.array()})

src/controllers/tooltip/profileController.js

@@ -17,6 +17,9 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.*/
 //NPM Imports
 const {validationResult, matchedData} = require('express-validator');
 
+//NPM Imports
+const validator = require('validator');//No express here, so regular validator it is!
+
 //local imports
 const {userModel} = require('../../schemas/user/userSchema');
 const {exceptionHandler, errorHandler} = require('../../utils/loggerUtils');
@@ -30,10 +33,10 @@ module.exports.get = async function(req, res){
             const data = matchedData(req);
             const profile = await userModel.findProfile({user: data.user});
 
-            return res.render('partial/tooltip/profile', {profile});
+            return res.render('partial/tooltip/profile', {profile, unescape: validator.unescape});
         }else{
             res.status(400);
-            return res.send({errors: validResult.array()})
+            return res.send({errors: validResult.array()});
         }
 
     }catch(err){