Merge pull request #4289 from overleaf/em-sk-rename-sanitize

Do not HTML escape the file name when renaming a file

GitOrigin-RevId: 9b6441e2f53bc34086de9c6a19fa526b833a9134
Eric Mc Sween 2021-07-08 09:54:42 -04:00 committed by Copybot
parent 611019d718
commit ac90b29928
5 changed files with 7 additions and 23 deletions


@ -21,7 +21,6 @@ const CompileManager = require('./CompileManager')
const ClsiManager = require('./ClsiManager') const ClsiManager = require('./ClsiManager')
const logger = require('logger-sharelatex') const logger = require('logger-sharelatex')
const request = require('request') const request = require('request')
const sanitize = require('sanitizer')
const Settings = require('@overleaf/settings') const Settings = require('@overleaf/settings')
const AuthenticationController = require('../Authentication/AuthenticationController') const AuthenticationController = require('../Authentication/AuthenticationController')
const UserGetter = require('../User/UserGetter') const UserGetter = require('../User/UserGetter')
@ -266,7 +265,7 @@ module.exports = CompileController = {
_getSafeProjectName(project) { _getSafeProjectName(project) {
const wordRegExp = /\W/g const wordRegExp = /\W/g
const safeProjectName = project.name.replace(wordRegExp, '_') const safeProjectName = project.name.replace(wordRegExp, '_')
return sanitize.escape(safeProjectName) return safeProjectName
}, },
deleteAuxFiles(req, res, next) { deleteAuxFiles(req, res, next) {
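Review bot: `_getSafeProjectName` now depends entirely on the `/\W/g` replacement for the safety of its result, and nothing in the function records that. Since every character outside `[A-Za-z0-9_]` is turned into `_`, the removed `sanitize.escape` call had nothing left to escape, so dropping it looks behaviour-preserving. I would add a comment above the regex, for example `// Only [A-Za-z0-9_] survive this replace, so no further encoding is needed; revisit if the pattern is loosened`, so that a later change allowing more characters does not silently lose that guarantee. The callers are outside this hunk, so the context in which the name is finally used should be confirmed there.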


@ -16,7 +16,6 @@
const logger = require('logger-sharelatex') const logger = require('logger-sharelatex')
const OError = require('@overleaf/o-error') const OError = require('@overleaf/o-error')
const Metrics = require('@overleaf/metrics') const Metrics = require('@overleaf/metrics')
const sanitize = require('sanitizer')
const ProjectEntityUpdateHandler = require('../Project/ProjectEntityUpdateHandler') const ProjectEntityUpdateHandler = require('../Project/ProjectEntityUpdateHandler')
const ProjectOptionsHandler = require('../Project/ProjectOptionsHandler') const ProjectOptionsHandler = require('../Project/ProjectOptionsHandler')
const ProjectDetailsHandler = require('../Project/ProjectDetailsHandler') const ProjectDetailsHandler = require('../Project/ProjectDetailsHandler')
@ -477,7 +476,6 @@ const EditorController = {
if (callback == null) { if (callback == null) {
callback = function (error) {} callback = function (error) {}
} }
newName = sanitize.escape(newName)
Metrics.inc('editor.rename-entity') Metrics.inc('editor.rename-entity')
return ProjectEntityUpdateHandler.renameEntity( return ProjectEntityUpdateHandler.renameEntity(
project_id, project_id,
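Review bot: With `newName = sanitize.escape(newName)` gone, the rename path hands the caller-supplied name to `ProjectEntityUpdateHandler.renameEntity` unchanged, so `<`, `>`, `&` and quotes are now stored verbatim. This is sound only if every place that renders a file name encodes it for its own output context; those sinks are not visible in this commit and should be checked before relying on it. A short comment at the removed line would record the contract, e.g. `// newName is stored as given: validate it in renameEntity and encode it at render time, not here`. No test in this commit covers a rename containing `&` or `<`, so one asserting that the name reaches `renameEntity` unmodified would pin the new behaviour. The enclosing function starts and ends outside the hunk, and names renamed before this change are presumably still stored in escaped form.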


@ -13725,7 +13725,7 @@
"bintrees": { "bintrees": {
"version": "1.0.1", "version": "1.0.1",
"resolved": "https://registry.npmjs.org/bintrees/-/bintrees-1.0.1.tgz", "resolved": "https://registry.npmjs.org/bintrees/-/bintrees-1.0.1.tgz",
"integrity": "sha512-tbaUB1QpTIj4cKY8c1rvNAvEQXA+ekzHmbe4jzNfW3QWsF9GnnP/BRWyl6/qqS53heoYJ93naaFcm/jooONH8g==" "integrity": "sha1-DmVcm5wkNeqraL9AJyJtK1WjRSQ="
}, },
"bl": { "bl": {
"version": "4.0.3", "version": "4.0.3",
@ -20045,7 +20045,7 @@
"findit2": { "findit2": {
"version": "2.2.3", "version": "2.2.3",
"resolved": "https://registry.npmjs.org/findit2/-/findit2-2.2.3.tgz", "resolved": "https://registry.npmjs.org/findit2/-/findit2-2.2.3.tgz",
"integrity": "sha512-lg/Moejf4qXovVutL0Lz4IsaPoNYMuxt4PA0nGqFxnJ1CTTGGlEO2wKgoDpwknhvZ8k4Q2F+eesgkLbG2Mxfog==" "integrity": "sha1-WKRmaX34piBc39vzlVNri9d3pfY="
}, },
"findup-sync": { "findup-sync": {
"version": "3.0.0", "version": "3.0.0",
@ -25693,7 +25693,7 @@
"mkdirp": { "mkdirp": {
"version": "0.5.1", "version": "0.5.1",
"resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz", "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
"integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=", "integrity": "sha512-SknJC52obPfGQPnjIkXbmA6+5H15E+fR+E4iR2oQ3zzCLbd7/ONua69R/Gw7AgkTLsRG+r5fzksYwWe1AgTyWA==",
"requires": { "requires": {
"minimist": "0.0.8" "minimist": "0.0.8"
}, },
@ -26072,7 +26072,7 @@
"module-details-from-path": { "module-details-from-path": {
"version": "1.0.3", "version": "1.0.3",
"resolved": "https://registry.npmjs.org/module-details-from-path/-/module-details-from-path-1.0.3.tgz", "resolved": "https://registry.npmjs.org/module-details-from-path/-/module-details-from-path-1.0.3.tgz",
"integrity": "sha512-ySViT69/76t8VhE1xXHK6Ch4NcDd26gx0MzKXLO+F7NOtnqH68d9zF94nT8ZWSxXh8ELOERsnJO/sWt1xZYw5A==" "integrity": "sha1-EUyUlnPiqKNenTV4hSeqN7Z52is="
}, },
"moment": { "moment": {
"version": "2.24.0", "version": "2.24.0",
@ -31989,7 +31989,7 @@
"require-like": { "require-like": {
"version": "0.1.2", "version": "0.1.2",
"resolved": "https://registry.npmjs.org/require-like/-/require-like-0.1.2.tgz", "resolved": "https://registry.npmjs.org/require-like/-/require-like-0.1.2.tgz",
"integrity": "sha512-oyrU88skkMtDdauHDuKVrgR+zuItqr6/c//FXzvmxRGMexSDc6hNvJInGW3LL46n+8b50RykrvwSUIIQH2LQ5A==", "integrity": "sha1-rW8wwTvs15cBDEaK+ndcDAprR/o=",
"dev": true "dev": true
}, },
"require-main-filename": { "require-main-filename": {
@ -32538,11 +32538,6 @@
} }
} }
}, },
"sanitizer": {
"version": "0.1.1",
"resolved": "https://registry.npmjs.org/sanitizer/-/sanitizer-0.1.1.tgz",
"integrity": "sha512-/0aR4ibYWaa5DTXWs4HeFoL6m78SKU4oXU3WsTYUkVkmjd5jREVjigEOxqYU0sNNL1T+5C++IDGrHz8iPWEYFA=="
},
"saslprep": { "saslprep": {
"version": "1.0.3", "version": "1.0.3",
"resolved": "https://registry.npmjs.org/saslprep/-/saslprep-1.0.3.tgz", "resolved": "https://registry.npmjs.org/saslprep/-/saslprep-1.0.3.tgz",
@ -35174,7 +35169,7 @@
"tdigest": { "tdigest": {
"version": "0.1.1", "version": "0.1.1",
"resolved": "https://registry.npmjs.org/tdigest/-/tdigest-0.1.1.tgz", "resolved": "https://registry.npmjs.org/tdigest/-/tdigest-0.1.1.tgz",
"integrity": "sha512-CXcDY/NIgIbKZPx5H4JJNpq6JwJhU5Z4+yWj4ZghDc7/9nVajiRlPPyMXRePPPlBfcayUqtoCXjo7/Hm82ecUA==", "integrity": "sha1-Ljyyw56kSeVdHmzZEReszKRYgCE=",
"requires": { "requires": {
"bintrees": "1.0.1" "bintrees": "1.0.1"
} }


@ -161,7 +161,6 @@
"rimraf": "2.2.6", "rimraf": "2.2.6",
"rolling-rate-limiter": "^0.2.10", "rolling-rate-limiter": "^0.2.10",
"sanitize-html": "^1.27.1", "sanitize-html": "^1.27.1",
"sanitizer": "0.1.1",
"scroll-into-view-if-needed": "^2.2.25", "scroll-into-view-if-needed": "^2.2.25",
"underscore": "^1.13.1", "underscore": "^1.13.1",
"url-parse": "^1.4.7", "url-parse": "^1.4.7",


@ -23,12 +23,6 @@ describe('UserInfoController', function () {
beforeEach(function () { beforeEach(function () {
this.UserDeleter = { deleteUser: sinon.stub().callsArgWith(1) } this.UserDeleter = { deleteUser: sinon.stub().callsArgWith(1) }
this.UserUpdater = { updatePersonalInfo: sinon.stub() } this.UserUpdater = { updatePersonalInfo: sinon.stub() }
this.sanitizer = {
escape(v) {
return v
},
}
sinon.spy(this.sanitizer, 'escape')
this.UserGetter = {} this.UserGetter = {}
this.UserInfoController = SandboxedModule.require(modulePath, { this.UserInfoController = SandboxedModule.require(modulePath, {
@ -37,7 +31,6 @@ describe('UserInfoController', function () {
'./UserGetter': this.UserGetter, './UserGetter': this.UserGetter,
'./UserUpdater': this.UserUpdater, './UserUpdater': this.UserUpdater,
'./UserDeleter': this.UserDeleter, './UserDeleter': this.UserDeleter,
sanitizer: this.sanitizer,
'../Authentication/AuthenticationController': (this.AuthenticationController = { '../Authentication/AuthenticationController': (this.AuthenticationController = {
getLoggedInUserId: sinon.stub(), getLoggedInUserId: sinon.stub(),
}), }),