hedgedoc/lib/models
David Mehren f552b14e11
Sanitize username and photo URL
HedgeDoc displays the username and user photo at various places
by rendering the respective variables into an `ejs` template.
As the values are user-provided or generated from user-provided data,
it may be possible to inject unwanted HTML.

This commit sanitizes the username and photo URL by passing them
through the `xss` library.

Co-authored-by: Christoph (Sheogorath) Kern <sheogorath@shivering-isles.com>
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 19:28:44 +02:00
author.js Linter: Fix all lint errors 2021-02-15 12:15:14 +01:00
index.js Run database migrations automatically on startup 2021-02-27 21:33:05 +01:00
note.js Fix Relative Path Traversal Attack on note creation 2021-04-25 20:40:17 +02:00
revision.js Linter: Fix all lint errors 2021-02-15 12:15:14 +01:00
temp.js Linter: Fix all lint errors 2021-02-15 12:15:14 +01:00
user.js Sanitize username and photo URL 2021-05-09 19:28:44 +02:00