Merge pull request #190 from terakilobyte/allow-quotation-marks

Allow quotation marks
This commit is contained in:
Free Code Camp
2015-03-12 02:06:35 -04:00


@ -86,10 +86,12 @@ exports.recent = function(req, res) {
exports.preSubmit = function(req, res) { exports.preSubmit = function(req, res) {
var data = req.query; var data = req.query;
var cleanData = sanitizeHtml(data.url); var cleanData = sanitizeHtml(data.url, {
allowedTags: [],
allowedAttributes: []
}).replace(/";/g, '"');
if (data.url.replace(/&/g, '&') !== cleanData) { if (data.url.replace(/&/g, '&') !== cleanData) {
debug('data and cleandata', data, cleanData, data.url === cleanData);
req.flash('errors', { req.flash('errors', {
msg: 'The data for this post is malformed' msg: 'The data for this post is malformed'
}); });
@ -226,7 +228,10 @@ exports.comments = function(req, res, next) {
exports.newStory = function(req, res) { exports.newStory = function(req, res) {
var url = req.body.data.url; var url = req.body.data.url;
var cleanURL = sanitizeHtml(url); var cleanURL = sanitizeHtml(url, {
allowedTags: [],
allowedAttributes: []
}).replace(/"/g, '"');
if (cleanURL !== url) { if (cleanURL !== url) {
req.flash('errors', { req.flash('errors', {
msg: "The URL you submitted doesn't appear valid" msg: "The URL you submitted doesn't appear valid"
@ -291,10 +296,16 @@ exports.storySubmission = function(req, res) {
link = 'http://' + link; link = 'http://' + link;
} }
var story = new Story({ var story = new Story({
headline: sanitizeHtml(data.headline), headline: sanitizeHtml(data.headline, {
allowedTags: [],
allowedAttributes: []
}).replace(/"/g, '"'),
timePosted: Date.now(), timePosted: Date.now(),
link: link, link: link,
description: sanitizeHtml(data.description), description: sanitizeHtml(data.description, {
allowedTags: [],
allowedAttributes: []
}).replace(/"/g, '"'),
rank: 1, rank: 1,
upVotes: data.upVotes, upVotes: data.upVotes,
author: data.author, author: data.author,
@ -320,7 +331,7 @@ exports.commentSubmit = function(req, res) {
{ {
allowedTags: [], allowedTags: [],
allowedAttributes: [] allowedAttributes: []
}); }).replace(/"/g, '"');
if (data.body !== sanitizedBody) { if (data.body !== sanitizedBody) {
req.flash('errors', { req.flash('errors', {
msg: 'HTML is not allowed' msg: 'HTML is not allowed'
@ -346,7 +357,7 @@ exports.commentOnCommentSubmit = function(req, res) {
{ {
allowedTags: [], allowedTags: [],
allowedAttributes: [] allowedAttributes: []
}); }).replace(/"/g, '"');
if (data.body !== sanitizedBody) { if (data.body !== sanitizedBody) {
req.flash('errors', { req.flash('errors', {
msg: 'HTML is not allowed' msg: 'HTML is not allowed'
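Review bot: The un-escaping pattern in preSubmit, `}).replace(/";/g, '"');`, carries a stray `;` that the other five sites (newStory, both Story fields in storySubmission, commentSubmit, commentOnCommentSubmit) do not, so it most likely never matches the entity sanitizeHtml emits and a URL containing a quotation mark still fails preSubmit's "malformed" comparison while newStory accepts the same value; the line should read `}).replace(/"/g, '"');` like the rest. The page rendering appears to have decoded HTML entities (the source presumably reads `&quot;`), so verify the literal regex in the file rather than trusting the rendered text. Restoring a raw `"` after sanitizing also means the stored headline, description and comment body are no longer attribute-safe, so a comment such as `// restores literal quotes only; views must still escape on output` would record the invariant the templates now have to uphold. With the same options object and replace repeated six times, a single helper would keep the pattern identical everywhere and give the invariant one home.
```javascript
// Strips every tag and attribute, then restores the literal quotation marks
// that sanitizeHtml entity-encodes so plain-text input round-trips unchanged.
// Output is NOT attribute-safe: views must still escape it on render.
function sanitizeText(str) {
  return sanitizeHtml(str, {
    allowedTags: [],
    allowedAttributes: []
  }).replace(/&quot;/g, '"');
}
// … unchanged: each call site becomes e.g. `var cleanURL = sanitizeText(url);` …
```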