do not escape req.body.tag (#559)

Co-authored-by: Markus Frindt <m.frindt@cognigy.com>
2025-12-20 16:50:39 +00:00 · 2023-12-05 16:06:04 +01:00
parent 4273196447
commit 46755f909c
1 changed files with 1 additions and 4 deletions
--- a/lib/http-routes/schemas/create-call.js
+++ b/lib/http-routes/schemas/create-call.js
@@ -116,12 +116,9 @@ const customSanitizeFunction = (value) => {
      /* trims characters at the beginning and at the end of a string */
      value = value.trim();

-      /* We don't escape URLs but verify them via new URL */
+      /* Verify strings including 'http' via new URL */
      if (value.includes('http')) {
        value = new URL(value).toString();
-      } else {
-        /* replaces <, >, &, ', " and / with their corresponding HTML entities */
-        value = escape(value);
      }
    }
  } catch (error) {