Improved sanitization for server-side templating.

rainbow napkin 2025-11-04 06:09:26 -05:00
parent 35fd81e1b2
commit 08fe051269
30 changed files with 151 additions and 104 deletions


@ -16,6 +16,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.*/
//NPM Imports
const {validationResult, matchedData} = require('express-validator');
const validator = require('validator');//Because sometimes one isn't enough...
//local imports
const {userModel} = require('../../schemas/user/userSchema');
@ -34,7 +35,7 @@ module.exports.get = async function(req, res){
return errorHandler(res, 'Cannot get alts for non-existant user!');
}
return res.render('partial/tooltip/altList', {alts: await userDB.getAltProfiles()});
return res.render('partial/tooltip/altList', {alts: await userDB.getAltProfiles(), unescape: validator.unescape});
}else{
res.status(400);
return res.send({errors: validResult.array()})
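Review bot: The new `unescape: validator.unescape` entry on the `res.render` call hands the template a helper that reverses whatever HTML escaping the stored alt profiles carry, and nothing in the hunk records that the template must then emit the result through its auto-escaped output rather than a raw interpolation, which would turn escaped markup stored in a profile field back into live markup. I would add above the render line: `// unescape reverses storage-time HTML escaping; the template must still print the result through its auto-escaped output, never raw`. If the profile values are escaped on write (not visible in this hunk), unescaping them in this controller and passing plain strings to the view would keep sanitization decisions out of the template, but that depends on how the template consumes `alts`. The enclosing `module.exports.get` handler starts before and ends after this hunk.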


@ -17,6 +17,9 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.*/
//NPM Imports
const {validationResult, matchedData} = require('express-validator');
//NPM Imports
const validator = require('validator');//No express here, so regular validator it is!
//local imports
const {userModel} = require('../../schemas/user/userSchema');
const {exceptionHandler, errorHandler} = require('../../utils/loggerUtils');
@ -30,10 +33,10 @@ module.exports.get = async function(req, res){
const data = matchedData(req);
const profile = await userModel.findProfile({user: data.user});
return res.render('partial/tooltip/profile', {profile});
return res.render('partial/tooltip/profile', {profile, unescape: validator.unescape});
}else{
res.status(400);
return res.send({errors: validResult.array()})
return res.send({errors: validResult.array()});
}
}catch(err){