Merge remote-tracking branch 'upstream/master' into clicks-by-device-type
This commit is contained in:
vladimir
commit
10dd23fee4
9 changed files with 66 additions and 16 deletions
|
|
@ -655,6 +655,9 @@ module.exports.create = (campaign, opts, callback) => {
|
|||
Object.keys(campaign).forEach(key => {
|
||||
let value = typeof campaign[key] === 'number' ? campaign[key] : (campaign[key] || '').toString().trim();
|
||||
key = tools.toDbKey(key);
|
||||
if (key === 'description') {
|
||||
value = tools.purifyHTML(value);
|
||||
}
|
||||
if (allowedKeys.indexOf(key) >= 0 && keys.indexOf(key) < 0) {
|
||||
keys.push(key);
|
||||
values.push(value);
|
||||
|
|
@ -827,6 +830,9 @@ module.exports.update = (id, updates, callback) => {
|
|||
Object.keys(campaign).forEach(key => {
|
||||
let value = typeof campaign[key] === 'number' ? campaign[key] : (campaign[key] || '').toString().trim();
|
||||
key = tools.toDbKey(key);
|
||||
if (key === 'description') {
|
||||
value = tools.purifyHTML(value);
|
||||
}
|
||||
if (allowedKeys.indexOf(key) >= 0 && keys.indexOf(key) < 0) {
|
||||
keys.push(key);
|
||||
values.push(value);
|
||||
|
|
|
|||
|
|
@ -123,6 +123,9 @@ module.exports.create = (list, callback) => {
|
|||
Object.keys(list).forEach(key => {
|
||||
let value = list[key].trim();
|
||||
key = tools.toDbKey(key);
|
||||
if (key === 'description') {
|
||||
value = tools.purifyHTML(value);
|
||||
}
|
||||
if (allowedKeys.indexOf(key) >= 0) {
|
||||
keys.push(key);
|
||||
values.push(value);
|
||||
|
|
@ -182,6 +185,9 @@ module.exports.update = (id, updates, callback) => {
|
|||
Object.keys(updates).forEach(key => {
|
||||
let value = updates[key].trim();
|
||||
key = tools.toDbKey(key);
|
||||
if (key === 'description') {
|
||||
value = tools.purifyHTML(value);
|
||||
}
|
||||
if (allowedKeys.indexOf(key) >= 0) {
|
||||
keys.push(key);
|
||||
values.push(value);
|
||||
|
|
|
|||
|
|
@ -88,6 +88,9 @@ module.exports.create = (template, callback) => {
|
|||
Object.keys(template).forEach(key => {
|
||||
let value = template[key].trim();
|
||||
key = tools.toDbKey(key);
|
||||
if (key === 'description') {
|
||||
value = tools.purifyHTML(value);
|
||||
}
|
||||
if (allowedKeys.indexOf(key) >= 0) {
|
||||
keys.push(key);
|
||||
values.push(value);
|
||||
|
|
@ -133,6 +136,9 @@ module.exports.update = (id, updates, callback) => {
|
|||
Object.keys(updates).forEach(key => {
|
||||
let value = updates[key].trim();
|
||||
key = tools.toDbKey(key);
|
||||
if (key === 'description') {
|
||||
value = tools.purifyHTML(value);
|
||||
}
|
||||
if (allowedKeys.indexOf(key) >= 0) {
|
||||
keys.push(key);
|
||||
values.push(value);
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ try {
|
|||
LdapStrategy = require('passport-ldapjs').Strategy; // eslint-disable-line global-require
|
||||
} catch (E) {
|
||||
if (config.ldap.enabled) {
|
||||
log.info('LDAP', 'Module "passport-ldapjs" not installed. LDAP auth will fail.');
|
||||
log.info('LDAP', 'Module "passport-ldapjs" not installed. LDAP auth will fail.');
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
29
lib/tools.js
29
lib/tools.js
|
|
@ -6,8 +6,10 @@ let Isemail = require('isemail');
|
|||
let urllib = require('url');
|
||||
let juice = require('juice');
|
||||
let jsdom = require('jsdom');
|
||||
let he = require('he');
|
||||
let _ = require('./translate')._;
|
||||
let util = require('util');
|
||||
let createDOMPurify = require('dompurify');
|
||||
|
||||
let blockedUsers = ['abuse', 'admin', 'billing', 'compliance', 'devnull', 'dns', 'ftp', 'hostmaster', 'inoc', 'ispfeedback', 'ispsupport', 'listrequest', 'list', 'maildaemon', 'noc', 'noreply', 'noreply', 'null', 'phish', 'phishing', 'postmaster', 'privacy', 'registrar', 'root', 'security', 'spam', 'support', 'sysadmin', 'tech', 'undisclosedrecipients', 'unsubscribe', 'usenet', 'uucp', 'webmaster', 'www'];
|
||||
|
||||
|
|
@ -22,6 +24,7 @@ module.exports = {
|
|||
formatMessage,
|
||||
getMessageLinks,
|
||||
prepareHtml,
|
||||
purifyHTML,
|
||||
workers: new Set()
|
||||
};
|
||||
|
||||
|
|
@ -169,7 +172,7 @@ function getMessageLinks(serviceUrl, campaign, list, subscription) {
|
|||
};
|
||||
}
|
||||
|
||||
function formatMessage(serviceUrl, campaign, list, subscription, message, filter) {
|
||||
function formatMessage(serviceUrl, campaign, list, subscription, message, filter, isHTML) {
|
||||
filter = typeof filter === 'function' ? filter : (str => str);
|
||||
|
||||
let links = getMessageLinks(serviceUrl, campaign, list, subscription);
|
||||
|
|
@ -180,7 +183,9 @@ function formatMessage(serviceUrl, campaign, list, subscription, message, filter
|
|||
return links[key];
|
||||
}
|
||||
if (subscription.mergeTags.hasOwnProperty(key)) {
|
||||
return subscription.mergeTags[key];
|
||||
return isHTML ? he.encode(subscription.mergeTags[key], {
|
||||
useNamedReferences: true
|
||||
}) : subscription.mergeTags[key];
|
||||
}
|
||||
return false;
|
||||
};
|
||||
|
|
@ -196,8 +201,13 @@ function prepareHtml(html, callback) {
|
|||
if (!(html || '').toString().trim()) {
|
||||
return callback(null, false);
|
||||
}
|
||||
|
||||
jsdom.env(html, (err, win) => {
|
||||
jsdom.env(false, false, {
|
||||
html,
|
||||
features: {
|
||||
FetchExternalResources: false, // disables resource loading over HTTP / filesystem
|
||||
ProcessExternalResources: false // do not execute JS within script blocks
|
||||
}
|
||||
}, (err, win) => {
|
||||
if (err) {
|
||||
return callback(err);
|
||||
}
|
||||
|
|
@ -224,3 +234,14 @@ function prepareHtml(html, callback) {
|
|||
return callback(null, juice(preparedHtml));
|
||||
});
|
||||
}
|
||||
|
||||
function purifyHTML(html) {
|
||||
let win = jsdom.jsdom('', {
|
||||
features: {
|
||||
FetchExternalResources: false, // disables resource loading over HTTP / filesystem
|
||||
ProcessExternalResources: false // do not execute JS within script blocks
|
||||
}
|
||||
}).defaultView;
|
||||
let DOMPurify = createDOMPurify(win);
|
||||
return DOMPurify.sanitize(html);
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue