author | David Mehren | 2021-05-11 21:13:25 +0200 |
committer | GitHub | 2021-05-11 21:13:25 +0200 |
commit | 01dad5821ee28377ebe640c6c72c3e0bb0d51ea7 (patch) | |
tree | e1dc63aba3546b3bbc402c2e911626d0ade56b46 /lib/models | |
parent | 4cc9b3abe5f4ee55764fbdb6602f8133e4d73e53 (diff) | |
parent | f552b14e11761a73237b3b3834827dde151b8b28 (diff) |
Merge pull request from GHSA-gjg7-4j2h-94fq
Fix XSS in Open Graph & User metadata
Diffstat (limited to '')
-rw-r--r-- | lib/models/user.js | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/models/user.js b/lib/models/user.js
index 383be1a7..d7953003 100644
--- a/lib/models/user.js
+++ b/lib/models/user.js
@@ -2,6 +2,7 @@
 // external modules
 const Sequelize = require('sequelize')
 const scrypt = require('scrypt-kdf')
+const filterXSS = require('xss')
 // core
 const logger = require('../logger')
@@ -74,7 +75,7 @@ module.exports = function (sequelize, DataTypes) {
 }
 if (profile) {
 profile = {
- name: profile.displayName || profile.username,
+ name: filterXSS(profile.displayName || profile.username),
 photo: User.parsePhotoByProfile(profile),
 biggerphoto: User.parsePhotoByProfile(profile, true)
 }
@@ -135,7 +136,7 @@ module.exports = function (sequelize, DataTypes) {
 photo = generateAvatarURL(profile.username)
 break
 }
- return photo
+ return filterXSS(photo)
 }
 User.parseProfileByEmail = function (email) {
 return { |
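Review bot: `filterXSS` with its default options is a whitelist-based HTML sanitiser rather than a text escaper, so the `name` value in the second hunk can still carry any tag the default whitelist permits, and the `photo` value returned in the third hunk is only HTML-filtered, which says nothing about whether it is a well-formed `http:`/`https:` URL. For plain-text fields a stripping configuration is more predictable: next to the new require in the first hunk, `const stripTags = (s) => filterXSS(s, { whiteList: {}, stripIgnoreTag: true, stripIgnoreTagBody: ['script'] })`, then `name: stripTags(profile.displayName || profile.username)` and `return stripTags(photo)`; for `photo`, checking `new URL(photo).protocol` against the two expected schemes would be a stronger guard than tag filtering, assuming it ends up in a URL attribute. Since the sanitisation now happens at parse time, a comment at the require site such as `// Profile name/photo are rendered into Open Graph and user metadata; sanitise here, the view's own encoding is the second layer` would record why it lives in the model rather than the template. The enclosing `module.exports` function and the `switch` that assigns `photo` both start outside these hunks.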