Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-27 09:06:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: XSS in event:banned messaging modal

Browse Source
This commit is contained in:
Julian Lam
2020-11-05 19:18:17 -05:00
parent 00f90cd98c
commit f68bce86a9
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/api/users.js
View File

@@ -1,5 +1,7 @@
'use strict'; 'use strict';
const validator = require('validator');
const db = require('../database'); const db = require('../database');
const user = require('../user'); const user = require('../user');
const groups = require('../groups'); const groups = require('../groups');
@@ -163,7 +165,7 @@ usersAPI.ban = async function (caller, data) {
sockets.in('uid_' + data.uid).emit('event:banned', { sockets.in('uid_' + data.uid).emit('event:banned', {
until: data.until, until: data.until,
reason: data.reason, reason: validator.escape(String(data.reason || '')),
}); });
await flags.resolveFlag('user', data.uid, caller.uid); await flags.resolveFlag('user', data.uid, caller.uid);