ben.carrasco/jambonz-feature-server
1
0
Fork 0
mirror of https://github.com/jambonz/jambonz-feature-server.git synced 2025-12-20 16:50:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

do not escape req.body.tag (#559)

Browse Source 
Co-authored-by: Markus Frindt <m.frindt@cognigy.com>
This commit is contained in:
Markus Frindt
2023-12-05 16:06:04 +01:00
committed by GitHub
parent 4273196447
commit 46755f909c
1 changed files with 1 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/http-routes/schemas/create-call.js
View File

@@ -116,12 +116,9 @@ const customSanitizeFunction = (value) => {
/* trims characters at the beginning and at the end of a string */ /* trims characters at the beginning and at the end of a string */
value = value.trim(); value = value.trim();
/* We don't escape URLs but verify them via new URL */ /* Verify strings including 'http' via new URL */
if (value.includes('http')) { if (value.includes('http')) {
value = new URL(value).toString(); value = new URL(value).toString();
} else {
/* replaces <, >, &, ', " and / with their corresponding HTML entities */
value = escape(value);
} }
} }
} catch (error) { } catch (error) {