[mirotalksfu] - add catch on check XSS
هذا الالتزام موجود في:
Miroslav Pejic
@@ -453,7 +453,7 @@ function startServer() {
|
|||||||
if (config.ngrok.authToken !== '') {
|
if (config.ngrok.authToken !== '') {
|
||||||
return ngrokStart();
|
return ngrokStart();
|
||||||
}
|
}
|
||||||
log.debug('Settings', {
|
log.info('Settings', {
|
||||||
node_version: process.versions.node,
|
node_version: process.versions.node,
|
||||||
hostConfig: hostCfg,
|
hostConfig: hostCfg,
|
||||||
announced_ip: announcedIP,
|
announced_ip: announcedIP,
|
||||||
|
|||||||
@@ -5,12 +5,17 @@ const Logger = require('./Logger');
|
|||||||
const log = new Logger('Xss');
|
const log = new Logger('Xss');
|
||||||
|
|
||||||
const checkXSS = (dataObject) => {
|
const checkXSS = (dataObject) => {
|
||||||
if (typeof dataObject === 'object' && Object.keys(dataObject).length > 0) {
|
try {
|
||||||
const data = xss(JSON.stringify(dataObject));
|
if (typeof dataObject === 'object' && Object.keys(dataObject).length > 0) {
|
||||||
log.debug('Sanitization done');
|
const data = xss(JSON.stringify(dataObject));
|
||||||
return JSON.parse(data);
|
log.debug('Check XSS done');
|
||||||
|
return JSON.parse(data);
|
||||||
|
}
|
||||||
|
return xss(dataObject);
|
||||||
|
} catch (error) {
|
||||||
|
log.error('Check XSS error', { error: error, data: dataObject });
|
||||||
|
return dataObject;
|
||||||
}
|
}
|
||||||
return xss(dataObject);
|
|
||||||
};
|
};
|
||||||
|
|
||||||
module.exports = checkXSS;
|
module.exports = checkXSS;
|
||||||
|
|||||||
المرجع في مشكلة جديدة
حظر مستخدم