From 77992d18d0285742d687c003ccbf2cec1b13c6d1 Mon Sep 17 00:00:00 2001
From: Jack
Date: Fri, 23 Jul 2021 01:11:18 +0100
Subject: [PATCH] little security patch
---
 functions/index.js | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/functions/index.js b/functions/index.js
index 0237a74b0..70451d9a4 100644
--- a/functions/index.js
+++ b/functions/index.js
@@ -1784,19 +1784,29 @@ exports.saveConfig = functions.https.onCall((request, response) => {
 }
 if (err) return;
 if (key === "resultFilters") return;
- if (key === "customBackground") return;
- if (key === "customLayoutfluid") return;
 let val = obj[key];
 if (Array.isArray(val)) {
 val.forEach((valarr) => {
- if (!isConfigKeyValid(valarr)) {
+ if (key === "customBackground" || key === "customLayoutfluid") {
+ if (/[<>]/.test(valarr)) {
+ err = true;
+ console.error(`${key}: ${valarr} failed regex check`);
+ errorMessage = `${key}: ${valarr} failed regex check`;
+ }
+ } else if (!isConfigKeyValid(valarr)) {
 err = true;
 console.error(`${key}: ${valarr} failed regex check`);
 errorMessage = `${key}: ${valarr} failed regex check`;
 }
 });
 } else {
- if (!isConfigKeyValid(val)) {
+ if (key === "customBackground" || key === "customLayoutfluid") {
+ if (/[<>]/.test(val)) {
+ err = true;
+ console.error(`${key}: ${valarr} failed regex check`);
+ errorMessage = `${key}: ${valarr} failed regex check`;
+ }
+ } else if (!isConfigKeyValid(val)) {
 err = true;
 console.error(`${key}: ${val} failed regex check`);
 errorMessage = `${key}: ${val} failed regex check`;
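Review bot: In the non-array branch the two added message lines interpolate `valarr`, which exists only as the `forEach` callback parameter, so a scalar `customBackground` or `customLayoutfluid` containing `<` or `>` sets `err = true` and then throws a ReferenceError before `errorMessage` is assigned; both lines should interpolate `val` instead. The check itself is a two-character denylist, and `/[<>]/.test(...)` coerces its argument to a string, so a non-string value (object, number, nested array) passes unexamined and quotes, parentheses or unexpected URL schemes are not rejected. A stricter condition such as `if (typeof val !== "string" || /[<>]/.test(val))`, together with a length cap and an allowlist pattern per key, would be safer; how these values are later rendered is outside this hunk, so the required escaping context should be confirmed there. The enclosing `saveConfig` handler starts and ends outside the hunk.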