farcasclaudiu/Flowise
1
0
Fork 0
mirror of https://github.com/farcasclaudiu/Flowise.git synced 2026-06-24 01:00:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

XSS: replacing deprecated sanitize-js with sanitize-html

Browse Source
This commit is contained in:
vinodkiran
2023-12-08 18:50:58 +05:30
parent 6e2d6cbac4
commit 99bc9d64fb
2 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/server/src/utils/XSS.ts
+5 -3
View File
@@ -1,10 +1,12 @@
import { Request, Response, NextFunction } from 'express'
let stripJs = require('strip-js')
const sanitizeHtml = require('sanitize-html')
export function sanitizeMiddleware(req: Request, res: Response, next: NextFunction): void {
req.url = stripJs(req.url)
// decoding is necessary as the url is encoded by the browser
const decodedURI = decodeURI(req.url)
req.url = sanitizeHtml(decodedURI)
for (let p in req.query) {
req.query[p] = stripJs(req.query[p])
req.query[p] = sanitizeHtml(req.query[p])
}
next()