monkeytypegame/monkeytype
1
1
Fork 0
mirror of https://github.com/monkeytypegame/monkeytype.git synced 2025-02-04 04:51:16 +08:00
Code Issues Projects Releases Packages Wiki Activity

security patch from live

Browse source
This commit is contained in:
Miodec 2021-08-03 16:08:15 +01:00
parent c4fdeb53ae
commit 6ff2984ef7
1 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
backend/handlers/validation.js
View file

@ -80,8 +80,16 @@ function validateConfig(config) {
if (!isConfigKeyValid(key)) {
throw new MonkeyError(500, `Invalid config: ${key} failed regex check`);
}
if (key === "resultFilters") return;
if (key === "customBackground") return;
// if (key === "resultFilters") return;
// if (key === "customBackground") return;
if (key === "customBackground" || key === "customLayoutfluid") {
if (/[<>]/.test(config[key])) {
throw new MonkeyError(
500,
`Invalid config: ${key}:${config.key} failed regex check`
);
}
}
let val = config[key];
if (Array.isArray(val)) {
val.forEach((valarr) => {