changed xss lib to sanitize not validator

services/web/app/coffee/Features/Editor/EditorController.coffee

@@ -1,6 +1,6 @@
 logger = require('logger-sharelatex')
 Metrics = require('../../infrastructure/Metrics')
-sanitize = require('validator').sanitize
+sanitize = require('sanitizer')
 ProjectEditorHandler = require('../Project/ProjectEditorHandler')
 ProjectEntityHandler = require('../Project/ProjectEntityHandler')
 ProjectOptionsHandler = require('../Project/ProjectOptionsHandler')
@@ -163,7 +163,7 @@ module.exports = EditorController =
 
 	addDoc: (project_id, folder_id, docName, docLines, sl_req_id, callback = (error, doc)->)->
 		{callback, sl_req_id} = slReqIdHelper.getCallbackAndReqId(callback, sl_req_id)
-		docName = sanitize(docName).xss()
+		docName = sanitize.escape(docName)
 		logger.log sl_req_id:sl_req_id, "sending new doc to project #{project_id}"
 		Metrics.inc "editor.add-doc"
 		ProjectEntityHandler.addDoc project_id, folder_id, docName, docLines, sl_req_id, (err, doc, folder_id)=>
@@ -172,7 +172,7 @@ module.exports = EditorController =
 
 	addFile: (project_id, folder_id, fileName, path, sl_req_id, callback = (error, file)->)->
 		{callback, sl_req_id} = slReqIdHelper.getCallbackAndReqId(callback, sl_req_id)
-		fileName = sanitize(fileName).xss()
+		fileName = sanitize.escape(fileName)
 		logger.log  sl_req_id:sl_req_id, "sending new file to project #{project_id} with folderid: #{folder_id}"
 		Metrics.inc "editor.add-file"
 		ProjectEntityHandler.addFile project_id, folder_id, fileName, path, (err, fileRef, folder_id)=>
@@ -185,7 +185,7 @@ module.exports = EditorController =
 
 	addFolder: (project_id, folder_id, folderName, sl_req_id, callback = (error, folder)->)->
 		{callback, sl_req_id} = slReqIdHelper.getCallbackAndReqId(callback, sl_req_id)
-		folderName = sanitize(folderName).xss()
+		folderName = sanitize.escape(folderName)
 		logger.log "sending new folder to project #{project_id}"
 		Metrics.inc "editor.add-folder"
 		ProjectEntityHandler.addFolder project_id, folder_id, folderName, (err, folder, folder_id)=>

services/web/app/coffee/Features/User/UserRegistrationHandler.coffee

@@ -1,4 +1,4 @@
-sanitize = require('validator').sanitize
+sanitize = require('sanitizer')
 
 module.exports =
 	validateEmail : (email) ->
@@ -13,7 +13,7 @@ module.exports =
 		return hasZeroLength
 
 	validateRegisterRequest : (req, callback)->
-		email = sanitize(req.body.email).xss().trim().toLowerCase()
+		email = sanitize.escape(req.body.email).trim().toLowerCase()
 		password = req.body.password
 		username = email.match(/^[^@]*/)
 		if username?

services/web/app/coffee/controllers/ProjectController.coffee

@@ -1,6 +1,6 @@
 User = require('../models/User').User
 Project = require('../models/Project').Project
-sanitize = require('validator').sanitize
+sanitize = require('sanitizer')
 path = require "path"
 logger = require('logger-sharelatex')
 _ = require('underscore')
@@ -72,8 +72,8 @@ module.exports = class ProjectController
 
 	apiNewProject: (req, res)->
 		user = req.session.user
-		projectName = sanitize(req.body.projectName).xss()
-		template = sanitize(req.body.template).xss()
+		projectName = sanitize.escape(req.body.projectName)
+		template = sanitize.escape(req.body.template)
 		logger.log user: user, type: template, name: projectName, "creating project"
 		if template == 'example'
 			projectCreationHandler.createExampleProject user._id, projectName, (err, project)->

services/web/app/coffee/controllers/UserController.coffee

@@ -1,5 +1,5 @@
 User = require('../models/User').User
-sanitize = require('validator').sanitize
+sanitize = require('sanitizer')
 fs = require('fs')
 _ = require('underscore')
 logger = require('logger-sharelatex')
@@ -95,8 +95,8 @@ module.exports =
 			title: 'Password Reset',
 
 	doRequestPasswordReset : (req, res, next = (error) ->)->
-		email = sanitize(req.body.email).xss()
-		email = sanitize(email).trim()
+		email = sanitize.escape(req.body.email)
+		email = sanitize.escape(email).trim()
 		email = email.toLowerCase()
 		logger.log email: email, "password reset requested"
 		User.findOne {'email':email}, (err, user)->
@@ -156,11 +156,11 @@ module.exports =
 		metrics.inc "user.settings-update"
 		User.findById req.session.user._id, (err, user)->
 			if(user)
-				user.first_name   = sanitize(req.body.first_name).xss().trim()
-				user.last_name    = sanitize(req.body.last_name).xss().trim()
-				user.ace.mode     = sanitize(req.body.mode).xss().trim()
-				user.ace.theme    = sanitize(req.body.theme).xss().trim()
-				user.ace.fontSize = sanitize(req.body.fontSize).xss().trim()
+				user.first_name   = sanitize.escape(req.body.first_name).trim()
+				user.last_name    = sanitize.escape(req.body.last_name).trim()
+				user.ace.mode     = sanitize.escape(req.body.mode).trim()
+				user.ace.theme    = sanitize.escape(req.body.theme).trim()
+				user.ace.fontSize = sanitize.escape(req.body.fontSize).trim()
 				user.ace.autoComplete = req.body.autoComplete == "true"
 				user.ace.spellCheckLanguage = req.body.spellCheckLanguage
 				user.ace.pdfViewer = req.body.pdfViewer

services/web/app/coffee/managers/CollaberationManager.coffee

@@ -1,7 +1,7 @@
 #this file is being slowly refactored out
 
 logger = require('logger-sharelatex')
-sanitize = require('validator').sanitize
+sanitize = require('sanitizer')
 projectHandler = require('../handlers/ProjectHandler')
 projectHandler = new projectHandler()
 SecurityManager = require('./SecurityManager')
@@ -21,7 +21,7 @@ module.exports = class CollaberationManager
 		projectHandler.deleteProject project_id, callback
 
 	renameEntity: (project_id, entity_id, entityType, newName, callback)->
-		newName = sanitize(newName).xss()
+		newName = sanitize.escape(newName)
 		metrics.inc "editor.rename-entity"
 		logger.log entity_id:entity_id, entity_id:entity_id, entity_id:entity_id, "reciving new name for entity for project"
 		projectHandler.renameEntity project_id, entity_id, entityType, newName, =>
@@ -36,9 +36,9 @@ module.exports = class CollaberationManager
 			callback?()
 
 	renameProject: (project_id, window_id, newName, callback)->
-		newName = sanitize(newName).xss()
+		newName = sanitize.escape(newName)
 		projectHandler.renameProject project_id, window_id, newName, =>
-			newName = sanitize(newName).xss()
+			newName = sanitize.escape(newName)
 			EditorRealTimeController.emitToRoom project_id, 'projectNameUpdated', window_id, newName
 			callback?()
 
@@ -48,7 +48,7 @@ module.exports = class CollaberationManager
 			callback?()
 
 	distributMessage: (project_id, client, message)->
-		message = sanitize(message).xss()
+		message = sanitize.escape(message)
 		metrics.inc "editor.instant-message"
 		client.get "first_name", (err, first_name)=>
 			EditorRealTimeController.emitToRoom project_id, 'reciveNewMessage', first_name, message

services/web/app/coffee/models/Project.coffee

@@ -3,7 +3,7 @@ Settings = require 'settings-sharelatex'
 _ = require('underscore')
 FolderSchema = require('./Folder.js').FolderSchema
 logger = require('logger-sharelatex')
-sanitize = require('validator').sanitize
+sanitize = require('sanitizer')
 concreteObjectId = require('mongoose').Types.ObjectId
 Errors  = require "../errors"
 
@@ -112,7 +112,7 @@ applyToAllFilesRecursivly = ProjectSchema.statics.applyToAllFilesRecursivly = (f
 
 ProjectSchema.methods.getSafeProjectName = ->
 	safeProjectName = this.name.replace(new RegExp("\\W", "g"), '_')
-	return sanitize(safeProjectName).xss()
+	return sanitize.escape(safeProjectName)
 
 conn = mongoose.createConnection(Settings.mongo.url, server: poolSize: Settings.mongo.poolSize || 10)
 

services/web/package.json

@@ -9,7 +9,6 @@
     "express": "3.3.4",
     "mongoose": "3.6.19",
     "jade": "0.28.1",
-    "validator": "0.4.22",
     "underscore": "1.4.4",
     "node-fs": "0.1.5",
     "rimraf": "2.1.2",
@@ -38,6 +37,8 @@
     "nodetime": "0.8.15",
     "mocha": "1.17.1",
     "redback": "0.3.7"
+    "redback": "0.3.7",
+    "sanitizer": "0.1.1"
   },
   "devDependencies": {
     "chai": "",