fix metadata escaping

Jeremy Kauffman 2019-10-31 17:34:19 -04:00 committed by Sean Yesmunt
parent bab03e415d
commit fde8b92476


@ -57,6 +57,17 @@ function insertToHead(fullHtml, htmlToInsert) {
return fullHtml.replace(/<!-- VARIABLE_HEAD_BEGIN -->.*<!-- VARIABLE_HEAD_END -->/s, htmlToInsert); return fullHtml.replace(/<!-- VARIABLE_HEAD_BEGIN -->.*<!-- VARIABLE_HEAD_END -->/s, htmlToInsert);
} }
function escapeHtmlProperty(property) {
return property
? String(property)
.replace(/&/g, '&amp;')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#039;')
: '';
}
const defaultHead = const defaultHead =
'<title>lbry.tv</title>\n' + '<title>lbry.tv</title>\n' +
`<meta property="og:url" content="${DOMAIN}" />\n` + `<meta property="og:url" content="${DOMAIN}" />\n` +
@ -86,13 +97,13 @@ app.get('*', async (req, res) => {
getClaim(claimName, claimId, channelName, channelClaimId, (err, rows) => { getClaim(claimName, claimId, channelName, channelClaimId, (err, rows) => {
if (!err && rows && rows.length > 0) { if (!err && rows && rows.length > 0) {
const claim = rows[0]; const claim = rows[0];
const title = claim.title ? claim.title : claimName; const title = escapeHtmlProperty(claim.title ? claim.title : claimName);
const claimDescription = const claimDescription =
claim.description && claim.description.length > 0 claim.description && claim.description.length > 0
? truncateDescription(claim.description) ? escapeHtmlProperty(truncateDescription(claim.description))
: `Watch ${title} on LBRY.tv`; : `Watch ${title} on LBRY.tv`;
const claimLanguage = claim.language || 'en_US'; const claimLanguage = escapeHtmlProperty(claim.language) || 'en_US';
const claimThumbnail = claim.thumbnail_url || `${DOMAIN}/og.png`; const claimThumbnail = escapeHtmlProperty(claim.thumbnail_url) || `${DOMAIN}/og.png`;
const claimTitle = const claimTitle =
claim.channel && !isChannel ? `${title} from ${claim.channel} on LBRY.tv` : `${title} on LBRY.tv`; claim.channel && !isChannel ? `${title} from ${claim.channel} on LBRY.tv` : `${title} on LBRY.tv`;
@ -111,6 +122,7 @@ app.get('*', async (req, res) => {
head += `<meta property="og:locale" content="${claimLanguage}"/>`; head += `<meta property="og:locale" content="${claimLanguage}"/>`;
head += `<meta property="og:site_name" content="LBRY.tv"/>`; head += `<meta property="og:site_name" content="LBRY.tv"/>`;
head += `<meta property="og:type" content="website"/>`; head += `<meta property="og:type" content="website"/>`;
head += `<meta property="og:title" content="${claimTitle}"/>`;
// below should be canonical_url, but not provided by chainquery yet // below should be canonical_url, but not provided by chainquery yet
head += `<meta property="og:url" content="${DOMAIN}/${claim.name}:${claim.claim_id}"/>`; head += `<meta property="og:url" content="${DOMAIN}/${claim.name}:${claim.claim_id}"/>`;
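Review bot: `claim.channel` still reaches the new `og:title` tag unescaped, because `claimTitle` interpolates it directly while only `title` passes through `escapeHtmlProperty`. A channel name containing `"` or `<` would break out of the `content` attribute exactly as the unescaped title did before this commit. Building the string with `escapeHtmlProperty(claim.channel)` closes that gap. The `og:url` line likewise interpolates `claim.name` and `claim.claim_id` raw; if chainquery does not guarantee their character set, they should be escaped or passed through `encodeURIComponent` too. The handler body continues outside these hunks, so any other `head +=` lines that use claim fields deserve the same check.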