Postr-Inc / Frontend

This is the official open source app for Postr
https://postr-inc.me
MIT License

backend security enhancements #3

Closed. MalikWhitten67 closed this 12 months ago.

MalikWhitten67 commented 12 months ago

Stop XSS attacks by creating a post endpoint that handles post creation before the database.

MalikWhitten67 commented 12 months ago

```js
// main.pb.js

onRecordBeforeCreateRequest((e) => {
    // relative require inside the handler, as PocketBase's JS hooks expect
    const sanitize = require('./utils/xss/sanitize.js')
    const record = e.record
    // posts keep their body in "content", comments in "text"; read and write
    // the fields through the record's get/set so the cleaned value is what
    // PocketBase actually persists (a plain property assignment is not saved)
    if (record.get("content")) {
        record.set("content", sanitize.clean(record.get("content")))
    } else {
        record.set("text", sanitize.clean(record.get("text")))
    }
}, "posts", "comments")
```

MalikWhitten67 commented 12 months ago
```js
// utils/xss/sanitize.js
let sanitizer = require('html-sanitizer')

module.exports = {
  // allowlist: only <a> keeps attributes, and only href, name and target
  clean: (d) => {
    return sanitizer.clean(d, {
      allowedAttributes: {
        a: ['href', 'name', 'target']
      }
    })
  }
}
```

MalikWhitten67 commented 12 months ago

As of yesterday, posts and comments are both checked for XSS attacks, and the content is run through a filter!
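The allowlist the thread settles on (only `<a>`, and only its `href`, `name` and `target` attributes), worked through as an added example that is not part of the Postr repository or the issue author's code: an escape-by-default sanitizer that shows the checks such an allowlist still needs, namely rejecting `javascript:`-style hrefs (also with embedded whitespace) and adding `rel` when `target="_blank"` is kept. The function names `cleanPostContent`, `safeHref` and `renderAnchorAttrs` are assumed, not the project's.

```javascript
// Added example, not code from the Postr repository: an escape-by-default sanitizer
// for post/comment bodies. Only <a> with the issue's allowlist (href, name, target)
// survives; every other tag is entity-escaped, and hrefs with a scheme other than
// http/https/mailto are dropped. Names (cleanPostContent, safeHref) are assumed.
const ALLOWED_A_ATTRS = new Set(['href', 'name', 'target']);
const SAFE_SCHEMES = new Set(['http', 'https', 'mailto']);
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;' };
const escapeHtml = (s) => s.replace(/[&<>"]/g, (c) => ESC[c]);

// Returns the href to keep, or null. Whitespace and control characters are
// stripped before the scheme check because browsers ignore them ("java\tscript:").
function safeHref(raw) {
  const probe = raw.replace(/[\s\u0000-\u001f]/g, '').toLowerCase();
  const m = probe.match(/^([a-z][a-z0-9+.-]*):/);
  return m && !SAFE_SCHEMES.has(m[1]) ? null : raw.trim();
}

function renderAnchorAttrs(attrText) {
  const attrRe = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let out = '', target = null, m;
  while ((m = attrRe.exec(attrText)) !== null) {
    const name = m[1].toLowerCase();
    const value = m[2] ?? m[3] ?? m[4];
    if (!ALLOWED_A_ATTRS.has(name)) continue;            // drops onclick, style, ...
    if (name === 'href') {
      const href = safeHref(value);
      if (href !== null) out += ` href="${escapeHtml(href)}"`;  // re-escaped: safe, though "&amp;" doubles
    } else {
      out += ` ${name}="${escapeHtml(value)}"`;
      if (name === 'target') target = value;
    }
  }
  // target="_blank" without rel lets the linked page reach window.opener
  if (target === '_blank') out += ' rel="noopener noreferrer"';
  return out;
}

function cleanPostContent(html) {
  const tagRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)([^>]*)>/g;
  let out = '', last = 0, m;
  while ((m = tagRe.exec(html)) !== null) {
    out += escapeHtml(html.slice(last, m.index));      // text between tags
    last = tagRe.lastIndex;
    const [whole, name, attrs] = m;
    if (name.toLowerCase() !== 'a') out += escapeHtml(whole); // unknown tag -> literal text
    else if (whole.startsWith('</')) out += '</a>';
    else out += '<a' + renderAnchorAttrs(attrs) + '>';
  }
  return out + escapeHtml(html.slice(last));
}
```

Because unrecognised markup is escaped rather than parsed and repaired, the output can never contain a tag the allowlist did not produce; the cost is that a pre-encoded `&amp;` inside an href is encoded a second time.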