Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-31 02:55:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: html sanitization on all filter:parse.* hooks, closes #7872

Browse Source
This commit is contained in:
Julian Lam
2019-08-30 14:40:11 -04:00
parent e291a60964
commit 2580306db9
2 changed files with 70 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/plugins/index.js
View File

@@ -9,6 +9,7 @@ const nconf = require('nconf');
const util = require('util');
const user = require('../user');
const posts = require('../posts');
const readdirAsync = util.promisify(fs.readdir);
@@ -124,6 +125,33 @@ Plugins.reload = async function () {
console.log('');
}
Plugins.registerHook('core', {
hook: 'filter:parse.post',
method: async (data) => {
data.postData.content = posts.sanitize(data.postData.content);
return data;
},
});
Plugins.registerHook('core', {
hook: 'filter:parse.raw',
method: async content => posts.sanitize(content),
});
Plugins.registerHook('core', {
hook: 'filter:parse.aboutme',
method: async content => posts.sanitize(content),
});
Plugins.registerHook('core', {
hook: 'filter:parse.signature',
method: async (data) => {
data.userData.signature = posts.sanitize(data.userData.signature);
return data;
},
});
// Lower priority runs earlier
Object.keys(Plugins.loadedHooks).forEach(function (hook) {
Plugins.loadedHooks[hook].sort((a, b) => a.priority - b.priority);
});