authorcel <cel@f/6sQ6d2CMxRUhLpspgGIulDxDCwYD7DzFzPNr7u5AU=.ed25519>2018-05-17 21:39:39 -0400
committercel <cel@f/6sQ6d2CMxRUhLpspgGIulDxDCwYD7DzFzPNr7u5AU=.ed25519>2018-05-17 21:39:39 -0400
commitde5a116d784cffcbca53b4ed35f3523de6c9bd01 (patch)
treea885b30b738271c4c5485b46c291eaf258cecf25 /lib
parentf0952377664cc671d536cff9d13918e967964e04 (diff)
Sanitize strings
Diffstat (limited to 'lib')
-rw-r--r--lib/render-msg.js112
1 files changed, 58 insertions, 54 deletions
diff --git a/lib/render-msg.js b/lib/render-msg.js
index 98f86e0..e7de9e3 100644
--- a/lib/render-msg.js
+++ b/lib/render-msg.js
@@ -351,7 +351,7 @@ RenderMsg.prototype.vote = function (cb) {
self.wrapMini([
v.value > 0 ? 'dug' : v.value < 0 ? 'downvoted' : 'undug',
' ', a,
- v.reason ? [' as ', h('q', v.reason)] : ''
+ v.reason ? [' as ', h('q', String(v.reason))] : ''
], cb)
})
}
@@ -514,7 +514,7 @@ RenderMsg.prototype.about = function (cb) {
isSelf ?
'self-identifies as ' :
['identifies ', h('a', {href: this.toUrl(this.c.about)}, truncate(this.c.about, 10)), ' as '],
- h('ins', this.c.name)
+ h('ins', String(this.c.name))
], cb)
}
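Review bot: `String(this.c.name)` is applied without a presence check here, so a message that omits `name` would now render the literal text `undefined` where the old code handed `undefined` to `h()`; whether an earlier guard in `about` rules that out is not visible in the hunk. The same unguarded form appears in the gitPullRequest (`branch`, `head_branch`), audio, musicRelease, dns, mutualCredit (`amount`), npmPublish, chessChat, bookclub (`title`), sombrioScore, skillCreate and aboutResource hunks. A small helper such as `function str(v) { return v == null ? '' : String(v) }` would keep the coercion that stops object-valued content reaching `h()` while leaving absent fields empty.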
@@ -570,10 +570,10 @@ RenderMsg.prototype.about = function (cb) {
: h('a', {href: this.toUrl(this.c.about)}, truncate(this.c.about, 10)),
' as '
],
- this.c.name ? [h('ins', this.c.name), ' '] : '',
+ this.c.name ? [h('ins', String(this.c.name)), ' '] : '',
this.c.description ? h('div',
{innerHTML: this.render.markdown(this.c.description)}) : '',
- this.c.title ? h('h3', this.c.title) : '',
+ this.c.title ? h('h3', String(this.c.title)) : '',
this.c.attendee ? h('div',
this.link1(this.c.attendee.link, done()),
this.c.attendee.remove ? ' is not attending' : ' is attending'
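Review bot: `this.c.description` still goes straight into `this.render.markdown(...)` and from there into `innerHTML`, so the coercion added around it does not cover the one sink in this hunk that takes raw HTML. Whether `render.markdown` tolerates non-string input and sanitises its output is not visible here; if it assumes a string, guard the call, e.g. `typeof this.c.description === 'string' ? h('div', {innerHTML: this.render.markdown(this.c.description)}) : ''`. The same pattern is in the update, musicRelease, bookclub, ideaUpdate, aboutResource and pollPosition hunks. A short comment at the call naming where HTML sanitisation happens would help the next reader; the `about` body continues outside the hunk.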
@@ -582,7 +582,7 @@ RenderMsg.prototype.about = function (cb) {
'starting at ', dateTime(this.c.startDateTime)) : '',
this.c.endDateTime ? h('div',
'ending at ', dateTime(this.c.endDateTime)) : '',
- this.c.location ? h('div', 'at ', this.c.location) : '',
+ this.c.location ? h('div', 'at ', String(this.c.location)) : '',
img ? h('a', {href: this.toUrl(img)},
h('img.ssb-avatar-image', {
src: this.render.imageUrl(img),
@@ -632,9 +632,11 @@ RenderMsg.prototype.contact = function (cb) {
' ', a,
self.c.note ? [
' from ',
- h('code', self.c.note)
+ h('code', String(self.c.note))
] : '',
- self.c.reason ? [' because ', h('q', self.c.reason)] : ''
+ self.c.reason ? [' because ',
+ h('q', String(self.c.reason))
+ ] : ''
], cb)
})
}
@@ -691,7 +693,7 @@ RenderMsg.prototype.gitUpdate = function (cb) {
'git push ', a, ' ',
!isNaN(size) ? [self.render.formatSize(size), ' '] : '',
self.c.refs ? h('ul', Object.keys(self.c.refs).map(function (ref) {
- var id = self.c.refs[ref]
+ var id = String(self.c.refs[ref])
var type = /^refs\/tags/.test(ref) ? 'tag' : 'commit'
var path = id && ('/git/' + type + '/' + encodeURIComponent(id)
+ '?msg=' + encodeURIComponent(self.msg.key))
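Review bot: `String(self.c.refs[ref])` makes `id` truthy for every input, so the `id &&` guard on the `path` line no longer skips a `null` or missing ref value, and a link to `/git/commit/null` (or `undefined`) is built instead. Coerce only when a value is present: `var id = self.c.refs[ref] == null ? null : String(self.c.refs[ref])`. The rest of the map callback is outside the hunk, so any later checks on `id` there should be re-read with the same change in mind.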
@@ -744,9 +746,9 @@ RenderMsg.prototype.gitPullRequest = function (cb) {
if (err) return cb(err)
self.wrap(h('div.ssb-pull-request',
'pull request ',
- 'to ', baseRepoLink, ':', self.c.branch, ' ',
- 'from ', headRepoLink, ':', self.c.head_branch,
- self.c.title ? h('h4', self.c.title) : '',
+ 'to ', baseRepoLink, ':', String(self.c.branch), ' ',
+ 'from ', headRepoLink, ':', String(self.c.head_branch),
+ self.c.title ? h('h4', String(self.c.title)) : '',
h('div', {innerHTML: self.markdown()})), cb)
})
}
@@ -757,7 +759,7 @@ RenderMsg.prototype.issue = function (cb) {
if (err) return cb(err)
self.wrap(h('div.ssb-issue',
'issue on ', projectLink,
- self.c.title ? h('h4', self.c.title) : '',
+ self.c.title ? h('h4', String(self.c.title)) : '',
h('div', {innerHTML: self.markdown()})), cb)
})
}
@@ -796,7 +798,7 @@ RenderMsg.prototype.valueTable = function (val, depth, cb) {
)
} else if (isContent && key === 'type') {
// TODO: also link to images by type, using links2
- var type = val.type
+ var type = String(val.type)
return h('tr',
h('td', h('strong', 'type')),
h('td', h('a', {href: self.toUrl('/type/' + type)}, type))
@@ -843,8 +845,8 @@ RenderMsg.prototype.issues = function (cb) {
}
var els = issues.map(function (issue) {
var commit = issue.object || issue.label ? [
- issue.object ? h('code', issue.object) : '', ' ',
- issue.label ? h('q', issue.label) : ''] : ''
+ issue.object ? h('code', String(issue.object)) : '', ' ',
+ issue.label ? h('q', String(issue.label)) : ''] : ''
if (issue.merged === true)
return h('div',
'merged ', self.link1(issue, done()))
@@ -856,7 +858,7 @@ RenderMsg.prototype.issues = function (cb) {
'reopened ', self.link1(issue, done()))
if (typeof issue.title === 'string')
return h('div',
- 'renamed ', self.link1(issue, done()), ' to ', h('ins', issue.title))
+ 'renamed ', self.link1(issue, done()), ' to ', h('ins', String(issue.title)))
})
done(cb)
return els.length > 0 ? [els, h('br')] : ''
@@ -890,7 +892,7 @@ RenderMsg.prototype.update = function (cb) {
this.wrapMini([
h('div', 'updated ', h('code.ssb-id',
h('a', {href: this.render.toUrl(id)}, id))),
- this.c.title ? h('h4.msg-title', this.c.title) : '',
+ this.c.title ? h('h4.msg-title', String(this.c.title)) : '',
this.c.description ? h('div',
{innerHTML: this.render.markdown(this.c.description)}) : ''
], cb)
@@ -913,7 +915,8 @@ RenderMsg.prototype.audio = function (cb) {
}))
: ''),
h('td',
- h('a', {href: this.render.toUrl(this.c.audioSrc)}, this.c.title),
+ h('a', {href: this.render.toUrl(this.c.audioSrc)},
+ String(this.c.title)),
isFinite(this.c.duration)
? ' (' + formatDuration(this.c.duration) + ')'
: '',
@@ -937,7 +940,7 @@ RenderMsg.prototype.musicRelease = function (cb) {
}))
: ''),
h('td',
- h('h4.msg-title', this.c.title),
+ h('h4.msg-title', String(this.c.title)),
this.c.text
? h('div', {innerHTML: this.render.markdown(this.c.text)})
: ''
@@ -945,7 +948,8 @@ RenderMsg.prototype.musicRelease = function (cb) {
)),
h('ul', u.toArray(this.c.tracks).filter(Boolean).map(function (track) {
return h('li',
- h('a', {href: self.render.toUrl(track.link)}, track.fname))
+ h('a', {href: self.render.toUrl(track.link)},
+ String(track.fname)))
}))
], cb)
}
@@ -958,10 +962,10 @@ RenderMsg.prototype.dns = function (cb) {
self.wrap([
h('div',
h('p',
- h('ins', {title: 'name'}, record.name), ' ',
- h('span', {title: 'ttl'}, record.ttl), ' ',
- h('span', {title: 'class'}, record.class), ' ',
- h('span', {title: 'type'}, record.type)
+ h('ins', {title: 'name'}, String(record.name)), ' ',
+ h('span', {title: 'ttl'}, String(record.ttl)), ' ',
+ h('span', {title: 'class'}, String(record.class)), ' ',
+ h('span', {title: 'type'}, String(record.type))
),
h('pre', {title: 'data'},
JSON.stringify(record.data || record.value, null, 2)),
@@ -996,11 +1000,11 @@ RenderMsg.prototype.mutualCredit = function (cb) {
if (err) return cb(err)
self.wrapMini([
'credits ', a || '?', ' ',
- h('code', self.c.amount), ' ',
+ h('code', String(self.c.amount)), ' ',
currency[0] === '#'
? h('a', {href: self.toUrl(currency)}, currency)
: h('ins', currency),
- self.c.memo ? [' for ', h('q', self.c.memo)] : ''
+ self.c.memo ? [' for ', h('q', String(self.c.memo))] : ''
], cb)
})
}
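Review bot: `currency` is still passed to `h('a', ...)` and `h('ins', ...)` as-is in this hunk, although `amount` and `memo` beside it are now coerced. If it is taken from message content (its assignment is outside the hunk), an array or object value would reach `h()` unconverted, and `currency[0] === '#'` is also true for an array whose first element is `'#'`. Other values left uncoerced in context lines are `distTag` in npmPublish (`h('i', distTag)`), `self.c.status` in chessGameEnd (`h('strong', self.c.status)`) and `choice` in pollPosition (`h('q', choice)`). Wrapping them the same way, e.g. `h('strong', String(self.c.status))`, would make the change uniform.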
@@ -1068,7 +1072,7 @@ RenderMsg.prototype.npmPublish = function (cb) {
self.wrap([
h('div',
'published ',
- h('u', pkg.name), ' ',
+ h('u', String(pkg.name)), ' ',
hJoin(versions.map(function (version) {
var distTag = distTagged[version]
return [h('b', version), distTag ? [' (', h('i', distTag), ')'] : '']
@@ -1272,9 +1276,9 @@ RenderMsg.prototype.chessMove = function (cb) {
h('div', h('small', '> ', rootLink)),
h('p',
// 'player ', (c.ply || ''), ' ',
- 'moved ', (piece ? renderChessSymbol(piece) : ''), ' ',
- 'from ', c.orig, ' ',
- 'to ', c.dest
+ 'moved ' + (piece ? renderChessSymbol(piece) + ' ' : ''),
+ 'from ' + c.orig, ' ',
+ 'to ' + c.dest
),
self.chessBoard(game.board)
], cb)
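Review bot: The switch from separate children to `+` concatenation is what does the coercion here, but nothing says so, and it reads differently from the `String(...)` calls in the rest of the commit. A comment such as `// concatenate so c.orig / c.dest are coerced to strings before h() sees them` above the `h('p', ...)` call would make that clear; the same applies to the chessGameEnd, chessMoveFull and chessMoveMini hunks. It also assumes `renderChessSymbol(piece)` returns a string rather than an element, which is not visible in the hunk.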
@@ -1339,9 +1343,9 @@ RenderMsg.prototype.chessGameEnd = function (cb) {
self.wrap([
h('div', h('small', '> ', rootLink)),
h('p',
- 'moved ', (piece ? renderChessSymbol(piece) : ''), ' ',
- 'from ', c.orig, ' ',
- 'to ', c.dest
+ 'moved ' + (piece ? renderChessSymbol(piece) + ' ' : ''),
+ 'from ' + c.orig, ' ',
+ 'to ' + c.dest
),
h('p',
h('strong', self.c.status), '. winner: ', h('strong', winnerLink)),
@@ -1356,7 +1360,7 @@ RenderMsg.prototype.chessChat = function (cb) {
if (err) return cb(err)
self.wrap([
h('div', h('small', '> ', rootLink)),
- h('p', self.c.msg)
+ h('p', String(self.c.msg))
], cb)
})
}
@@ -1378,9 +1382,9 @@ RenderMsg.prototype.chessMoveFull = function (cb) {
h('div', h('small', '> ', rootLink)),
h('p',
// 'player ', (c.ply || ''), ' ',
- 'moved ', (piece ? renderChessSymbol(piece) : ''), ' ',
- 'from ', c.orig, ' ',
- 'to ', c.dest
+ 'moved ' + (piece ? renderChessSymbol(piece) + ' ' : '')
+ 'from ' + c.orig, ' ',
+ 'to ' + c.dest
),
self.chessBoard(game.board)
], cb)
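Review bot: The added `'moved ' + (piece ? renderChessSymbol(piece) + ' ' : '')` line has no trailing comma, unlike the matching lines in chessMove and chessGameEnd. As rendered here, the next argument `'from ' + c.orig` follows it with no separator, so the file would fail to parse. End the line with a comma: `'moved ' + (piece ? renderChessSymbol(piece) + ' ' : ''),`.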
@@ -1397,7 +1401,7 @@ RenderMsg.prototype.chessMoveMini = function (cb) {
if (err) return cb(err)
self.wrapMini([
'moved ', chessPieceName(piece), ' ',
- 'to ', c.dest
+ 'to ' + c.dest
], cb)
})
}
@@ -1406,12 +1410,12 @@ RenderMsg.prototype.acmeChallengesHttp01 = function (cb) {
var self = this
self.wrapMini(h('span',
'serves ',
- hJoin(u.toArray(self.c.challenges).map(function (challenge) {
+ hJoin(u.toArray(self.c.challenges).filter(Boolean).map(function (challenge) {
return h('a', {
href: 'http://' + challenge.domain +
'/.well-known/acme-challenge/' + challenge.token,
title: challenge.keyAuthorization,
- }, challenge.domain)
+ }, String(challenge.domain))
}), ', ', ', and ')
), cb)
}
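Review bot: `.filter(Boolean)` only drops falsy entries, so a truthy non-object in `challenges` (a string or number) still reaches the callback and produces `http://undefined/.well-known/acme-challenge/undefined` with the link text `undefined`. Filtering on shape would be tighter: `.filter(function (c) { return c && typeof c === 'object' })`. `challenge.token` and `challenge.keyAuthorization` are also used without coercion, though the `href` concatenation does stringify the former.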
@@ -1430,9 +1434,9 @@ RenderMsg.prototype.bookclub = function (cb) {
}))
})),
h('td',
- h('h4', props.title),
+ h('h4', String(props.title)),
props.authors ?
- h('p', h('em', props.authors))
+ h('p', h('em', String(props.authors)))
: '',
props.description
? h('div', {innerHTML: self.render.markdown(props.description)})
@@ -1470,7 +1474,7 @@ RenderMsg.prototype.sombrioScore = function (cb) {
var self = this
self.wrapMini(h('span',
'scored ',
- h('ins', self.c.score)
+ h('ins', String(self.c.score))
), cb)
}
@@ -1491,8 +1495,8 @@ RenderMsg.prototype.blog = function (cb) {
}) : 'blog'),
h('td',
blogId ? h('h3', h('a', {href: self.render.toUrl('/markdown/' + blogId)},
- self.c.title || self.msg.key)) : '',
- self.c.summary || '')
+ String(self.c.title || self.msg.key))) : '',
+ String(self.c.summary || ''))
)), cb)
}
@@ -1526,7 +1530,7 @@ RenderMsg.prototype.skillCreate = function (cb) {
var self = this
self.wrapMini(h('span',
' created skill ',
- h('ins', self.c.name)
+ h('ins', String(self.c.name))
), cb)
}
@@ -1558,7 +1562,7 @@ RenderMsg.prototype.identitySkillAssign = function (cb) {
self.wrapMini(h('span',
self.c.action === 'assign' ? 'assigns '
: self.c.action === 'unassign' ? 'unassigns '
- : h('code', self.c.action), ' ',
+ : h('code', String(self.c.action)), ' ',
'skill ', a
), cb)
})
@@ -1573,7 +1577,7 @@ RenderMsg.prototype.ideaSkillAssign = function (cb) {
self.wrapMini(h('span',
self.c.action === 'assign' ? 'assigns '
: self.c.action === 'unassign' ? 'unassigns '
- : h('code', self.c.action), ' ',
+ : h('code', String(self.c.action)), ' ',
'skill ', skillA,
' to idea ',
ideaA
@@ -1587,7 +1591,7 @@ RenderMsg.prototype.ideaAssocate = function (cb) {
self.wrapMini(h('span',
self.c.action === 'associate' ? 'associates with '
: self.c.action === 'disassociate' ? 'disassociates with '
- : h('code', self.c.action), ' ',
+ : h('code', String(self.c.action)), ' ',
'idea ', a
), cb)
})
@@ -1599,7 +1603,7 @@ RenderMsg.prototype.ideaHat = function (cb) {
self.wrapMini(h('span',
self.c.action === 'take' ? 'takes '
: self.c.action === 'discard' ? 'discards '
- : h('code', self.c.action), ' ',
+ : h('code', String(self.c.action)), ' ',
'idea ', a
), cb)
})
@@ -1619,7 +1623,7 @@ RenderMsg.prototype.ideaUpdate = function (cb) {
if (keys === 'title') {
return self.wrapMini(h('span',
'titles idea ',
- h('a', {href: self.toUrl(self.c.ideaKey)}, props.title)
+ h('a', {href: self.toUrl(self.c.ideaKey)}, String(props.title))
), cb)
}
@@ -1635,7 +1639,7 @@ RenderMsg.prototype.ideaUpdate = function (cb) {
if (keys === 'description,title') {
return self.wrap(h('div',
'describes idea ',
- h('a', {href: self.toUrl(self.c.ideaKey)}, props.title),
+ h('a', {href: self.toUrl(self.c.ideaKey)}, String(props.title)),
':',
h('blockquote', {innerHTML: self.render.markdown(props.description)})
), cb)
@@ -1671,7 +1675,7 @@ RenderMsg.prototype.aboutResource = function (cb) {
var self = this
return self.wrap(h('div',
'describes resource ',
- h('a', {href: self.toUrl(self.c.about)}, self.c.name),
+ h('a', {href: self.toUrl(self.c.about)}, String(self.c.name)),
':',
h('blockquote', {innerHTML: self.render.markdown(self.c.description)})
), cb)
@@ -1778,7 +1782,7 @@ RenderMsg.prototype.pollPosition = function (cb) {
}),
h('p',
'picked ',
- choice ? h('q', choice) : ['choice ', details.choice || '?']
+ choice ? h('q', choice) : ['choice ', String(details.choice || '?')]
),
reason ? h('div', {innerHTML: self.render.markdown(reason, self.c.mentions)}) : ''
), cb)