use explicit json content-type to avoid security issues with text/html

Brian Gough 2019-02-12 16:54:59 +00:00
parent 9333bf4882
commit 038c81f868
2 changed files with 12 additions and 12 deletions


@ -84,7 +84,7 @@ module.exports = CompileController =
user_id = req.params.user_id user_id = req.params.user_id
CompileManager.syncFromCode project_id, user_id, file, line, column, (error, pdfPositions) -> CompileManager.syncFromCode project_id, user_id, file, line, column, (error, pdfPositions) ->
return next(error) if error? return next(error) if error?
res.send JSON.stringify { res.json {
pdf: pdfPositions pdf: pdfPositions
} }
@ -96,7 +96,7 @@ module.exports = CompileController =
user_id = req.params.user_id user_id = req.params.user_id
CompileManager.syncFromPdf project_id, user_id, page, h, v, (error, codePositions) -> CompileManager.syncFromPdf project_id, user_id, page, h, v, (error, codePositions) ->
return next(error) if error? return next(error) if error?
res.send JSON.stringify { res.json {
code: codePositions code: codePositions
} }
@ -109,7 +109,7 @@ module.exports = CompileController =
CompileManager.wordcount project_id, user_id, file, image, (error, result) -> CompileManager.wordcount project_id, user_id, file, image, (error, result) ->
return next(error) if error? return next(error) if error?
res.send JSON.stringify { res.json {
texcount: result texcount: result
} }
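Review bot: The three `res.json` calls (in the syncFromCode, syncFromPdf and wordcount handlers) carry no comment recording that the method was chosen for its `application/json` content type, so a later cleanup could revert to `res.send JSON.stringify ...` and bring back the `text/html` default the commit title refers to. I would add above the first call `# res.json sets Content-Type: application/json; res.send with a string defaults to text/html, which a browser would render as markup`. The returned values (`pdfPositions`, `codePositions`, `result`) presumably contain strings derived from project content, so it is also worth confirming that the service sends `X-Content-Type-Options: nosniff` on these responses; that is not visible in this section. The handler bodies start outside the hunks shown, so other `res.send` calls with serialized JSON elsewhere in the controller should be checked as well.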


@ -144,7 +144,7 @@ describe "CompileController", ->
file: @file file: @file
line: @line.toString() line: @line.toString()
column: @column.toString() column: @column.toString()
@res.send = sinon.stub() @res.json = sinon.stub()
@CompileManager.syncFromCode = sinon.stub().callsArgWith(5, null, @pdfPositions = ["mock-positions"]) @CompileManager.syncFromCode = sinon.stub().callsArgWith(5, null, @pdfPositions = ["mock-positions"])
@CompileController.syncFromCode @req, @res, @next @CompileController.syncFromCode @req, @res, @next
@ -155,8 +155,8 @@ describe "CompileController", ->
.should.equal true .should.equal true
it "should return the positions", -> it "should return the positions", ->
@res.send @res.json
.calledWith(JSON.stringify .calledWith(
pdf: @pdfPositions pdf: @pdfPositions
) )
.should.equal true .should.equal true
@ -173,7 +173,7 @@ describe "CompileController", ->
page: @page.toString() page: @page.toString()
h: @h.toString() h: @h.toString()
v: @v.toString() v: @v.toString()
@res.send = sinon.stub() @res.json = sinon.stub()
@CompileManager.syncFromPdf = sinon.stub().callsArgWith(5, null, @codePositions = ["mock-positions"]) @CompileManager.syncFromPdf = sinon.stub().callsArgWith(5, null, @codePositions = ["mock-positions"])
@CompileController.syncFromPdf @req, @res, @next @CompileController.syncFromPdf @req, @res, @next
@ -184,8 +184,8 @@ describe "CompileController", ->
.should.equal true .should.equal true
it "should return the positions", -> it "should return the positions", ->
@res.send @res.json
.calledWith(JSON.stringify .calledWith(
code: @codePositions code: @codePositions
) )
.should.equal true .should.equal true
@ -199,7 +199,7 @@ describe "CompileController", ->
@req.query = @req.query =
file: @file file: @file
image: @image = "example.com/image" image: @image = "example.com/image"
@res.send = sinon.stub() @res.json = sinon.stub()
@CompileManager.wordcount = sinon.stub().callsArgWith(4, null, @texcount = ["mock-texcount"]) @CompileManager.wordcount = sinon.stub().callsArgWith(4, null, @texcount = ["mock-texcount"])
@CompileController.wordcount @req, @res, @next @CompileController.wordcount @req, @res, @next
@ -210,8 +210,8 @@ describe "CompileController", ->
.should.equal true .should.equal true
it "should return the texcount info", -> it "should return the texcount info", ->
@res.send @res.json
.calledWith(JSON.stringify .calledWith(
texcount: @texcount texcount: @texcount
) )
.should.equal true .should.equal true