Ensure form post is escaped (#536)
* Ensure form post is escaped

* Extend escaping
dave-ledgy authored Feb 20, 2024
1 parent 29e9069 commit 3bdee65
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion lib/post.ts
@@ -1,6 +1,15 @@
const escapeHtml = (unsafeHtml: string) => {
return unsafeHtml
.replace(/&/g, "&")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;")
.replace(/'/g, "&#039;");
}

const createPostForm = (postUrl: string, params: { name: string; value: string }[]) => {
const parr = (params || []).map(({ name, value }) => {
return `<input type="hidden" name="${name}" value="${value}"/>`;
return `<input type="hidden" name="${name}" value="${escapeHtml(value)}"/>`;
});

const formElements = [
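Review bot: the ampersand rule `.replace(/&/g, "&")` is a no-op as shown, so `&` would pass through unescaped and an input such as `a&lt;b` would reach the browser as a live entity rather than literal text; the replacement string should be `"&amp;"` (the commit page may have decoded it for display, so confirm the source file). Separately, the added line `return `<input type="hidden" name="${name}" value="${escapeHtml(value)}"/>`;` still interpolates `name` raw; wrap it as `escapeHtml(name)` too, since both attributes of the same element are built from caller-supplied strings, and check that `postUrl` gets the same treatment where it becomes the form's `action` attribute (not visible in this hunk).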

0 comments on commit 3bdee65