- Adds data sanitization on the client and server side

- Closes #641
Vlad
2016-10-16 12:42:13 -04:00
parent bf894fc26f
commit 9ba6e9806f
2 changed files with 15 additions and 3 deletions


@@ -337,9 +337,19 @@ define(
complete: function (CSV) {
for (var rowCount in CSV.data) {
var rowData = CSV.data[rowCount].map(function (el) {
return filterXSS(el.trim());
}),
rowColumnCount = rowData.length;
// sanitize data
el = filterXSS(el.trim());
var entityMap = {
"<": "&lt;",
">": "&gt;",
"/": '&#x2F;'
};
el = String(el).replace(/[&<>"'\/]/g, function (s) {
return entityMap[s];
});
return el;
});
var rowColumnCount = rowData.length;
// set the number of row elements based on the first non-empty row
if (columnCount === null) {
columnCount = rowColumnCount;
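Review bot: The replace callback in the added `map` body returns `entityMap[s]`, but the character class `/[&<>"'\/]/g` also matches `&`, `"` and `'`, which have no entry in `entityMap`, so each of those characters in a CSV cell is replaced with the literal text `undefined`. If `filterXSS` has already turned `<` and `>` into `&lt;`/`&gt;` (its default escaping appears to do so; worth confirming), the `&` of those entities is hit as well and the cell ends up containing `undefinedlt;`. Either add the missing entries, `"&": "&amp;", '"': "&quot;", "'": "&#39;"`, or narrow the class to the mapped characters, and settle on a single encoding layer so values are not encoded twice; HTML-context encoding is most reliable at the point where the cell is rendered. `entityMap` can also be hoisted out of the callback, since it is rebuilt for every cell; the `complete` callback continues past the end of this hunk.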