fix: escape navigation item fields, theme:id, category fields

Barış Soner Uşaklı
2020-06-26 15:19:18 -04:00
parent 903673d24c
commit 2355d9d5dd
7 changed files with 32 additions and 30 deletions


@@ -76,9 +76,12 @@ function modifyCategory(category, fields) {
db.parseIntFields(category, intFields, fields);
if (category.hasOwnProperty('name')) {
category.name = validator.escape(String(category.name || ''));
}
const escapeFields = ['name', 'color', 'bgColor', 'imageClass', 'class', 'link'];
escapeFields.forEach((field) => {
if (category.hasOwnProperty(field)) {
category[field] = validator.escape(String(category[field] || ''));
}
});
if (category.hasOwnProperty('icon')) {
category.icon = category.icon || 'hidden';