farcasclaudiu/Flowise
1
0
Fork 0
mirror of https://github.com/farcasclaudiu/Flowise.git synced 2026-06-29 01:01:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

add sanitize html types

Browse Source
This commit is contained in:
Henry
2023-12-09 14:12:30 +00:00
parent 99bc9d64fb
commit c06c25b0af
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/server/package.json
+1
View File
@@ -72,6 +72,7 @@
"@types/cors": "^2.8.12", "@types/cors": "^2.8.12",
"@types/crypto-js": "^4.1.1", "@types/crypto-js": "^4.1.1",
"@types/multer": "^1.4.7", "@types/multer": "^1.4.7",
"@types/sanitize-html": "^2.9.5",
"concurrently": "^7.1.0", "concurrently": "^7.1.0",
"nodemon": "^2.0.15", "nodemon": "^2.0.15",
"oclif": "^3", "oclif": "^3",
packages/server/src/utils/XSS.ts
+2 -2
View File
@@ -1,12 +1,12 @@
import { Request, Response, NextFunction } from 'express' import { Request, Response, NextFunction } from 'express'
const sanitizeHtml = require('sanitize-html') import sanitizeHtml from 'sanitize-html'
export function sanitizeMiddleware(req: Request, res: Response, next: NextFunction): void { export function sanitizeMiddleware(req: Request, res: Response, next: NextFunction): void {
// decoding is necessary as the url is encoded by the browser // decoding is necessary as the url is encoded by the browser
const decodedURI = decodeURI(req.url) const decodedURI = decodeURI(req.url)
req.url = sanitizeHtml(decodedURI) req.url = sanitizeHtml(decodedURI)
for (let p in req.query) { for (let p in req.query) {
req.query[p] = sanitizeHtml(req.query[p]) req.query[p] = sanitizeHtml(req.query[p] as string)
} }
next() next()