// main.pb.js
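onRecordBeforeCreateRequest((e) => {
  // Required inside the handler rather than at file top level, matching the
  // original: the sanitizer module is only needed when the hook fires.
  const sanitize = require('./utils/xss/sanitize.js')

  // Sanitize every text-bearing field that is present instead of only the
  // first truthy one. The previous ternary left `text` unfiltered whenever
  // `content` was non-empty, fell through to `text` when `content` was the
  // empty string, and could hand `undefined` to the sanitizer when neither
  // field existed. Non-string values (missing field, null) are skipped.
  // Fields are accessed through Record.get()/set(), the documented accessors
  // of the wrapped record; direct property access on `e.record` is not
  // guaranteed to reach the stored field value.
  for (const field of ['content', 'text']) {
    const value = e.record.get(field)
    if (typeof value === 'string') {
      e.record.set(field, sanitize.clean(value))
    }
  }
  // NOTE(review): this hook runs on creation only. Edits that arrive through
  // onRecordBeforeUpdateRequest reach the database unsanitized unless the
  // same filter is registered for that hook as well.
}, "posts", "comments")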
//utils/xss/sanitize.js
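// Single shared instance of the html-sanitizer dependency so every hook
// applies the same attribute allow-list. Never reassigned, hence `const`.
const sanitizer = require('html-sanitizer')

module.exports = {
  /**
   * Run a string of user-supplied HTML through the sanitizer.
   * Only `href`, `name` and `target` survive on `<a>` elements; attributes on
   * every other element are dropped. Allowed tags are not configured here,
   * so the library's own default applies.
   * NOTE(review): `target` is kept while `rel` is not, and the allow-list does
   * not restrict `href` schemes — confirm the library itself rejects
   * `javascript:` URLs and handles the opener relationship for
   * `target="_blank"` links, otherwise extend the options here.
   * @param {string} d - raw HTML taken from the request record
   * @returns {string} the sanitized HTML as returned by the library
   */
  clean: (d) => {
    return sanitizer.clean(d, {
      allowedAttributes: {
        a: ['href', 'name', 'target']
      }
    })
  }
}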
As of yesterday, posts and comments are both checked for XSS attacks, and their content is run through a filter!
Stop XSS attacks by creating a post endpoint that handles post creation before the record reaches the database.