escape referrerQuery in the oEmebed xml generator

Dan Peterson 2022-01-04 16:15:30 -06:00 committed by Thomas Zarebczan
parent 3744f26295
commit 24cc07c09b
3 changed files with 17 additions and 12 deletions


@ -61,6 +61,17 @@ function getParameterByName(name, url) {
return match && decodeURIComponent(match[1].replace(/\+/g, ' ')); return match && decodeURIComponent(match[1].replace(/\+/g, ' '));
} }
function escapeHtmlProperty(property) {
return property
? String(property)
.replace(/&/g, '&')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#039;')
: '';
}
// module.exports needed since the web server imports this function // module.exports needed since the web server imports this function
module.exports = { module.exports = {
CONTINENT_COOKIE, CONTINENT_COOKIE,
@ -71,4 +82,5 @@ module.exports = {
generateStreamUrl, generateStreamUrl,
getParameterByName, getParameterByName,
getThumbnailCdnUrl, getThumbnailCdnUrl,
escapeHtmlProperty,
}; };
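Review bot: As rendered on this page, the first replacement in the added `escapeHtmlProperty` reads `.replace(/&/g, '&')`, which is a no-op, while the copy this commit removes from the other file used `.replace(/&/g, '&amp;')`. If that is what was committed rather than a display artefact, ampersands pass through unescaped, so entity-encoded text in an input would be decoded by whatever parses the generated HTML or XML; the line should stay `.replace(/&/g, '&amp;')` and remain first in the chain so the entities produced by the later replacements are not double-escaped. Now that the helper is exported for shared use it also needs a comment stating its scope, for example `// Escapes & < > " ' for HTML/XML text and attribute values; not a URL or script encoder.` The oEmbed call site in this commit passes the helper's output through `encodeURIComponent`, which percent-encodes the entities, so the escaping would be better applied where the finished URL is written into markup.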


@ -18,6 +18,7 @@ const {
generateStreamUrl, generateStreamUrl,
getParameterByName, getParameterByName,
getThumbnailCdnUrl, getThumbnailCdnUrl,
escapeHtmlProperty,
} = require('../../ui/util/web'); } = require('../../ui/util/web');
const { getJsBundleId } = require('../bundle-id.js'); const { getJsBundleId } = require('../bundle-id.js');
const { lbryProxy: Lbry } = require('../lbry'); const { lbryProxy: Lbry } = require('../lbry');
@ -54,17 +55,6 @@ function truncateDescription(description, maxChars = 200) {
return chars.length > maxChars ? truncated + '...' : truncated; return chars.length > maxChars ? truncated + '...' : truncated;
} }
function escapeHtmlProperty(property) {
return property
? String(property)
.replace(/&/g, '&amp;')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#039;')
: '';
}
function getCategoryMeta(path) { function getCategoryMeta(path) {
const page = Object.keys(CATEGORY_METADATA).find((x) => path === `/$/${x}` || path === `/$/${x}/`); const page = Object.keys(CATEGORY_METADATA).find((x) => path === `/$/${x}` || path === `/$/${x}/`);
return CATEGORY_METADATA[page]; return CATEGORY_METADATA[page];


@ -5,6 +5,7 @@ const {
generateEmbedUrl, generateEmbedUrl,
getParameterByName, getParameterByName,
getThumbnailCdnUrl, getThumbnailCdnUrl,
escapeHtmlProperty,
} = require('../../ui/util/web'); } = require('../../ui/util/web');
const { lbryProxy: Lbry } = require('../lbry'); const { lbryProxy: Lbry } = require('../lbry');
@ -52,7 +53,9 @@ function generateOEmbedData(claim, referrerQuery) {
const authorUrlPath = authorClaim && authorClaim.canonical_url.replace('lbry://', '').replace('#', ':'); const authorUrlPath = authorClaim && authorClaim.canonical_url.replace('lbry://', '').replace('#', ':');
const authorUrl = authorClaim ? `${URL}/${authorUrlPath}` : null; const authorUrl = authorClaim ? `${URL}/${authorUrlPath}` : null;
const thumbnailUrl = value && value.thumbnail && value.thumbnail.url && getThumbnailCdnUrl(value.thumbnail.url); const thumbnailUrl = value && value.thumbnail && value.thumbnail.url && getThumbnailCdnUrl(value.thumbnail.url);
const videoUrl = generateEmbedUrl(claim.name, claim.claim_id) + (referrerQuery ? `r=${referrerQuery}` : ''); const videoUrl =
generateEmbedUrl(claim.name, claim.claim_id) +
(referrerQuery ? `r=${encodeURIComponent(escapeHtmlProperty(referrerQuery))}` : '');
const { html, width, height } = generateEmbedIframeData(videoUrl); const { html, width, height } = generateEmbedIframeData(videoUrl);