Skip to content
Permalink
Browse files

refactor: Properly unescape tags, update deps, simplify code with lod…

…ash, use Remy's eslint rules (Closes #1375)

Signed-off-by: Richie Bendall <richiebendall@gmail.com>
  • Loading branch information...
Richienb committed Nov 6, 2019
1 parent 2cd12f2 commit 054b6b76c72bdab2238d04c8935d7519900a7926
Showing with 928 additions and 217 deletions.
  1. +1 −0 .eslintrc.js
  2. +0 −25 .eslintrc.json
  3. +0 −3 .prettierrc.yaml
  4. +9 −8 package.json
  5. +9 −9 routes/get.js
  6. +5 −4 routes/post.js
  7. +11 −3 routes/utils.js
  8. +893 −165 yarn.lock
@@ -0,0 +1 @@
module.exports = require('@remy/eslint')('node');

This file was deleted.

This file was deleted.

@@ -30,33 +30,34 @@
},
"license": "MIT",
"dependencies": {
"@octokit/rest": "^16.33.1",
"@octokit/rest": "^16.34.1",
"btoa": "^1.2.1",
"ejs": "^2.7.1",
"express": "^4.17.1",
"express-minify": "^1.0.0",
"lodash": "^4.17.15",
"md5": "^2.2.1",
"postcss-middleware": "^1.1.4",
"postcss-preset-env": "^6.7.0",
"serve-favicon": "^2.5.0"
},
"devDependencies": {
"@remy/eslint": "^3.2.2",
"@types/btoa": "^1.2.3",
"@types/css": "^0.0.31",
"@types/ejs": "^2.6.3",
"@types/express": "^4.17.1",
"@types/express": "^4.17.2",
"@types/express-minify": "^0.1.34",
"@types/lodash": "^4.14.144",
"@types/md5": "^2.1.33",
"@types/node": "^12.11.1",
"@types/node": "^12.12.6",
"babel-eslint": "^10.0.3",
"css": "^2.2.4",
"eslint": "^6.5.1",
"eslint-config-prettier": "^6.4.0",
"eslint": "^6.6.0",
"eslint-plugin-node": "^10.0.0",
"eslint-plugin-prettier": "^3.1.1",
"has-flag": "^4.0.0",
"husky": "^3.0.9",
"nodemon": "^1.19.4",
"prettier": "^1.18.2"
"nodemon": "^1.19.4"
},
"resolutions": {
"postcss-middleware/vinyl-fs/glob-stream/micromatch/braces": "^3.0.2"
@@ -1,14 +1,14 @@
const md5 = require('md5');
const path = require('path');
const { stripTags, escapeTags } = require('./utils');
const { stripTags, escapeTags, unescapeTags } = require('./utils');
const _ = require('lodash');

function getCopyrightHTML(user, plain) {
let html = '';

const name =
typeof user === 'string'
? user
: plain
const name = _.isString(user)
? user
: plain
? user.name || user.copyright
: escapeTags(user.name || user.copyright);

@@ -34,9 +34,9 @@ module.exports = (req, res) => {

// No error and valid
if (user.copyright) {
if (typeof user.copyright === 'string') {
if (_.isString(user.copyright)) {
name = getCopyrightHTML(user, options.format !== 'html');
} else if (user.copyright.every(val => typeof val === 'string')) {
} else if (user.copyright.every(val => _.isString(val))) {
// Supports: ['Remy Sharp', 'Richie Bendall']
name = user
.map(_ => (options.format !== 'html' ? _ : escapeTags(_)))
@@ -51,7 +51,7 @@ module.exports = (req, res) => {
gravatar = `<img id="gravatar" alt="Profile image" src="https://www.gravatar.com/avatar/${md5(
user.email.trim().toLowerCase()
)}" />`;
} else if (typeof user.copyright[0] === 'object' && user.gravatar) {
} else if (_.isObject(user.copyright[0]) && user.gravatar) {
// Supports multi-user format
gravatar = `<img id="gravatar" alt="Profile image" src="https://www.gravatar.com/avatar/${md5(
user.copyright[0].email.trim().toLowerCase()
@@ -82,7 +82,7 @@ module.exports = (req, res) => {

res
.set('Content-Type', 'text/plain; charset=UTF-8')
.send(stripTags(plain).trim());
.send(unescapeTags(stripTags(plain)).trim());
return;
}

@@ -5,6 +5,7 @@ const access = promisify(fs.access);
const writeFile = promisify(fs.writeFile);
const btoa = require('btoa');
const { version } = require(path.join(__dirname, '..', 'package.json'));
const _ = require('lodash');
const github = require('@octokit/rest')({
// GitHub personal access token
auth: process.env.github_token,
@@ -15,10 +16,10 @@ const { validDomainId } = require('./utils');

function getUserData({ query, body }) {
// If query parameters provided
if (Object.keys(query).length > 0) return query;
if (_.size(query) > 0) return query;
// If the data parsed as {'{data: "value"}': ''}
const keys = Object.keys(body);
if (keys.length === 1 && !Object.values(body)[0]) return JSON.parse(keys[0]);
if (_.size(body) === 1 && !_.first(_.values(body)))
return JSON.parse(_.first(_.keys(body)));
// Fallback
return body;
}
@@ -39,7 +40,7 @@ module.exports = async (req, res) => {
}

// Extract the name from the URL
const id = params[0];
const id = _.first(params);

if (!validDomainId(id)) {
// Return a vague error intentionally
@@ -1,8 +1,16 @@
const _ = require('lodash');

const tags = {
'<': '&lt;',
'>': '&gt;',
'&': '&amp;',
};
exports.escapeTags = str => (str || '').replace(/[<>&]/g, m => tags[m]);
exports.stripTags = str => (str || '').replace(/<(?:.|\n)*?>/gm, '');
exports.validDomainId = str => /^[\w-_]+$/.test(str);
const untags = _.invert(tags);

module.exports = {
escapeTags: str => (str || '').replace(/[<>&]/g, m => tags[m]),
unescapeTags: str =>
(str || '').replace(/(&lt;|&gt;|&amp;)/g, m => untags[m]),
stripTags: str => (str || '').replace(/<(?:.|\n)*?>/gm, ''),
validDomainId: str => /^[\w-_]+$/.test(str),
};

0 comments on commit 054b6b7

Please sign in to comment.
You can’t perform that action at this time.