#51 Added XSS validation on the client-side
parent
a7e8cbfb4b
commit
91962dc257
|
@ -3,6 +3,7 @@
|
|||
const mw = require('../middleware.js'),
|
||||
router = require('express').Router(),
|
||||
slug = require('slug'),
|
||||
xss = require('xss'),
|
||||
User = require('../models.js').user;
|
||||
|
||||
// Index
|
||||
|
@ -38,11 +39,9 @@ router.get('/favicon.ico', (req,res)=>{
|
|||
|
||||
// Endpoint to validate forms
|
||||
router.get('/validate', (req,res)=>{
|
||||
console.log(req.query);
|
||||
|
||||
// Validate unique slug
|
||||
if (req.query.slug) {
|
||||
console.log(`Checking slug: ${req.query.slug} for user ${req.user.id}`);
|
||||
User.findOne({ slug: slug(req.query.slug) })
|
||||
.then( (existingUser)=>{
|
||||
if (existingUser && existingUser.id!==req.user.id) {
|
||||
|
@ -55,7 +54,6 @@ router.get('/validate', (req,res)=>{
|
|||
|
||||
// Validate unique email
|
||||
else if (req.query.email) {
|
||||
console.log(`Checking email: ${req.query.email} for user ${req.user.id}`);
|
||||
User.findOne({ email: req.query.email })
|
||||
.then( (existingUser)=>{
|
||||
if (existingUser && existingUser.id!==req.user.id) {
|
||||
|
@ -71,6 +69,10 @@ router.get('/validate', (req,res)=>{
|
|||
res.send(slug(req.query.slugify));
|
||||
}
|
||||
|
||||
else if (req.query.xss) {
|
||||
res.send(xss(req.query.xss));
|
||||
}
|
||||
|
||||
});
|
||||
|
||||
// Link to androidapp in play store
|
||||
|
@ -84,4 +86,4 @@ router.get('/ios', (req,res)=>{
|
|||
res.redirect('/help#why-is-there-no-ios-app');
|
||||
});
|
||||
|
||||
module.exports = router;
|
||||
module.exports = router;
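Review bot: The new `xss` branch of the `/validate` handler returns the sanitized value with `res.send`, which for a string body defaults to `Content-Type: text/html`, so the endpoint itself reflects attacker-chosen (whitelisted) markup as a rendered page; return it as data instead, `res.type('text/plain').send(xss(req.query.xss));` or `res.json({ value: xss(req.query.xss) });`. This sanitization also only runs when the browser chooses to call the endpoint before submitting the form, so it is a convenience for the user, not a security control: whatever handler persists or renders the name must run `xss()` (or HTML-escape on output) itself, and that handler is not part of this commit, so I cannot confirm it does. The `else if` chain still has no final branch, so a request with none of the known query parameters is left hanging; a closing `else { res.sendStatus(400); }` would end it. The `/validate` handler opens in the second hunk of this file and ends at the `});` in this one.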
|
||||
|
|
|
@ -7,12 +7,11 @@ function validateEmail(email) {
|
|||
return re.test(email);
|
||||
}
|
||||
|
||||
// Turn inputed value into slug
|
||||
function slugify(cb) {
|
||||
$.get('/validate?slugify='+$('#slug-input').val())
|
||||
// Replace inputed value with response
|
||||
function validateFromEndpoint(type, selector, cb) {
|
||||
$.get('/validate?'+type+'='+$(selector).val())
|
||||
.done(function(data){
|
||||
console.log('Got '+data);
|
||||
$('#slug-input').val(data);
|
||||
$(selector).val(data);
|
||||
cb();
|
||||
});
|
||||
}
|
||||
|
@ -90,8 +89,8 @@ $(function(){
|
|||
|
||||
// Validate slug
|
||||
$('#slug-input').change(function(){
|
||||
slugify( function(){
|
||||
validateForm('slug');
|
||||
validateFromEndpoint('slugify','#slug-input',function(){
|
||||
validateForm(slug);
|
||||
});
|
||||
});
|
||||
|
||||
|
@ -100,8 +99,10 @@ $(function(){
|
|||
validateForm('email');
|
||||
});
|
||||
|
||||
// Validate form after name change
|
||||
$('#name-input').change(validateForm);
|
||||
// Validate name
|
||||
$('#name-input').change(function(){
|
||||
validateFromEndpoint('xss','#name-input',validateForm);
|
||||
});
|
||||
|
||||
// Delete account
|
||||
$('#delete').click(function(){
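Review bot: `validateFromEndpoint` builds the request URL by concatenating the raw field value, so a name or slug containing `&`, `#`, `+` or `%` is truncated or decoded at the query boundary and the `.done` handler then overwrites the user's input with the server's reply for the mangled value; encode it, `$.get('/validate?' + type + '=' + encodeURIComponent($(selector).val()))`. The slug handler now calls `validateForm(slug)` where the removed code passed the string `'slug'`; no `slug` identifier is declared anywhere the hunks show, so that line most likely throws a ReferenceError and should read `validateForm('slug');`. Note also that this round trip is not a protection on its own: a user can submit the form without the `change` event ever firing, so the server must sanitize on save regardless of this client step. `validateFromEndpoint` lies entirely within the first hunk of this file; the `$(function(){` block holding the handlers starts outside the later hunks.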
|
||||