public/mailtrain
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

do not allow script tags in description html

Browse source
This commit is contained in:
Andris Reinman 2017-03-19 14:22:44 +02:00
parent 0879fa412a
commit ae6affda81
5 changed files with 32 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lib/models/campaigns.js
View file

@ -619,6 +619,9 @@ module.exports.create = (campaign, opts, callback) => {
Object.keys(campaign).forEach(key => {
let value = typeof campaign[key] === 'number' ? campaign[key] : (campaign[key] || '').toString().trim();
key = tools.toDbKey(key);
if (key === 'description') {
value = tools.purifyHTML(value);
}
if (allowedKeys.indexOf(key) >= 0 && keys.indexOf(key) < 0) {
keys.push(key);
values.push(value);
@ -791,6 +794,9 @@ module.exports.update = (id, updates, callback) => {
Object.keys(campaign).forEach(key => {
let value = typeof campaign[key] === 'number' ? campaign[key] : (campaign[key] || '').toString().trim();
key = tools.toDbKey(key);
if (key === 'description') {
value = tools.purifyHTML(value);
}
if (allowedKeys.indexOf(key) >= 0 && keys.indexOf(key) < 0) {
keys.push(key);
values.push(value);