How to use sanitize method in prospector

Best Python code snippet using prospector_python

taSanitize.spec.js

Source:taSanitize.spec.js Github

copy

Full Screen

1describe('taSanitize', function(){2 'use strict';3 beforeEach(module('textAngular'));4 beforeEach(module('ngSanitize'));5 describe('should change all align attributes to text-align styles for HTML5 compatability', function(){6 it('should correct left align', inject(function(taSanitize){7 var safe = angular.element(taSanitize('<div align="left"></div>'));8 expect(safe.attr('align')).not.toBeDefined();9 expect(safe.css('text-align')).toBe('left');10 }));11 it('should correct right align', inject(function(taSanitize){12 var safe = angular.element(taSanitize('<div align="right"></div>'));13 expect(safe.attr('align')).not.toBeDefined();14 expect(safe.css('text-align')).toBe('right');15 }));16 it('should correct center align', inject(function(taSanitize){17 var safe = angular.element(taSanitize('<div align=\'center\'></div>'));18 expect(safe.attr('align')).not.toBeDefined();19 expect(safe.css('text-align')).toBe('center');20 }));21 it('should correct justify align', inject(function(taSanitize){22 var safe = angular.element(taSanitize('<div align=\'justify\'></div>'));23 expect(safe.attr('align')).not.toBeDefined();24 expect(safe.css('text-align')).toBe('justify');25 }));26 it('should not affect existing styles', inject(function(taSanitize){27 var safe = angular.element(taSanitize('<div style="color: red;" align="left"></div>'));28 expect(safe.attr('align')).not.toBeDefined();29 expect(safe.css('text-align')).toBe('left');30 expect(safe.css('color')).toBe('red');31 }));32 });33 describe('if invalid HTML', function(){34 it('should return the oldsafe passed in', inject(function(taSanitize){35 var result = taSanitize('<broken><test', 'safe');36 expect(result).toBe('safe');37 }));38 it('should return an empty string if no oldsafe', inject(function(taSanitize){39 var result = taSanitize('<broken><test');40 expect(result).toBe('');41 }));42 });43 describe('clears out unnecessary &#10; &#9;', function(){44 it('at start both', inject(function(taSanitize){45 var result = taSanitize('<p>&#10;&#9;Test Test 2</p>', 'safe');46 expect(result).toBe('<p>Test Test 2</p>');47 }));48 49 it('at start &#10;', inject(function(taSanitize){50 var result = taSanitize('<p>&#10;Test Test 2</p>', 'safe');51 expect(result).toBe('<p>Test Test 2</p>');52 }));53 54 it('at start &#9;', inject(function(taSanitize){55 var result = taSanitize('<p>&#9;Test Test 2</p>', 'safe');56 expect(result).toBe('<p>Test Test 2</p>');57 }));58 59 it('at middle both', inject(function(taSanitize){60 var result = taSanitize('<p>Test &#10;&#9;Test 2</p>', 'safe');61 expect(result).toBe('<p>Test Test 2</p>');62 }));63 64 it('at middle &#10;', inject(function(taSanitize){65 var result = taSanitize('<p>Test &#10;Test 2</p>', 'safe');66 expect(result).toBe('<p>Test Test 2</p>');67 }));68 69 it('at middle &#9;', inject(function(taSanitize){70 var result = taSanitize('<p>Test &#9;Test 2</p>', 'safe');71 expect(result).toBe('<p>Test Test 2</p>');72 }));73 74 it('at end both', inject(function(taSanitize){75 var result = taSanitize('<p>Test Test 2&#10;&#9;</p>', 'safe');76 expect(result).toBe('<p>Test Test 2</p>');77 }));78 79 it('at end &#10;', inject(function(taSanitize){80 var result = taSanitize('<p>Test Test 2&#10;</p>', 'safe');81 expect(result).toBe('<p>Test Test 2</p>');82 }));83 84 it('at end &#9;', inject(function(taSanitize){85 var result = taSanitize('<p>Test Test 2&#9;</p>', 'safe');86 expect(result).toBe('<p>Test Test 2</p>');87 }));88 89 it('combination', inject(function(taSanitize){90 var result = taSanitize('<p>&#10;Test &#10; &#9;Test 2&#10;&#9;</p>', 'safe');91 expect(result).toBe('<p>Test Test 2</p>');92 }));93 94 it('leaves them inbetween <pre> tags', inject(function(taSanitize){95 var result = taSanitize('<pre>&#9;Test &#10; &#9;Test 2&#10;&#9;</pre>', 'safe');96 expect(result).toBe('<pre>&#9;Test &#10; &#9;Test 2&#10;&#9;</pre>');97 }));98 99 it('correctly handles a mixture', inject(function(taSanitize){100 var result = taSanitize('<p>&#10;Test &#10; &#9;Test 2&#10;&#9;</p><pre>&#9;Test &#10; &#9;Test 2&#10;&#9;</pre>', 'safe');101 expect(result).toBe('<p>Test Test 2</p><pre>&#9;Test &#10; &#9;Test 2&#10;&#9;</pre>');102 }));103 104 it('correctly handles more than one pre-tag', inject(function(taSanitize){105 var result = taSanitize('<p>&#10;Test &#10; &#9;Test 2&#10;&#9;</p><pre>&#9;Test &#10; &#9;Test 1&#10;&#9;</pre><p>&#10;Test &#10; &#9;Test 2&#10;&#9;</p><pre>&#9;Test &#10; &#9;Test 2&#10;&#9;</pre>', 'safe');106 expect(result).toBe('<p>Test Test 2</p><pre>&#9;Test &#10; &#9;Test 1&#10;&#9;</pre><p>Test Test 2</p><pre>&#9;Test &#10; &#9;Test 2&#10;&#9;</pre>');107 }));108 });109 describe('only certain style attributes are allowed', function(){110 describe('validated color attribute', function(){111 it('name', inject(function(taSanitize){112 var result = angular.element(taSanitize('<div style="color: blue;"></div>'));113 expect(result.attr('style')).toBe('color: blue;');114 }));115 it('hex value', inject(function(taSanitize){116 var result = angular.element(taSanitize('<div style="color: #000000;"></div>'));117 expect(result.attr('style')).toBe('color: #000000;');118 }));119 it('rgba', inject(function(taSanitize){120 var result = angular.element(taSanitize('<div style="color: rgba(20, 20, 20, 0.5);"></div>'));121 expect(result.attr('style')).toBe('color: rgba(20, 20, 20, 0.5);');122 }));123 it('rgb', inject(function(taSanitize){124 var result = angular.element(taSanitize('<div style="color: rgb(20, 20, 20);"></div>'));125 expect(result.attr('style')).toBe('color: rgb(20, 20, 20);');126 }));127 it('hsl', inject(function(taSanitize){128 var result = angular.element(taSanitize('<div style="color: hsl(20, 20%, 20%);"></div>'));129 expect(result.attr('style')).toBe('color: hsl(20, 20%, 20%);');130 }));131 it('hlsa', inject(function(taSanitize){132 var result = angular.element(taSanitize('<div style="color: hsla(20, 20%, 20%, 0.5);"></div>'));133 expect(result.attr('style')).toBe('color: hsla(20, 20%, 20%, 0.5);');134 }));135 it('bad value not accepted', inject(function(taSanitize){136 var result = taSanitize('<div style="color: execute(alert(\'test\'));"></div>');137 expect(result).toBe('<div></div>');138 }));139 });140 describe('validated background-color attribute', function(){141 it('name', inject(function(taSanitize){142 var result = angular.element(taSanitize('<div style="background-color: blue;"></div>'));143 expect(result.attr('style')).toBe('background-color: blue;');144 }));145 it('hex value', inject(function(taSanitize){146 var result = angular.element(taSanitize('<div style="background-color: #000000;"></div>'));147 expect(result.attr('style')).toBe('background-color: #000000;');148 }));149 it('rgba', inject(function(taSanitize){150 var result = angular.element(taSanitize('<div style="background-color: rgba(20, 20, 20, 0.5);"></div>'));151 expect(result.attr('style')).toBe('background-color: rgba(20, 20, 20, 0.5);');152 }));153 it('rgb', inject(function(taSanitize){154 var result = angular.element(taSanitize('<div style="background-color: rgb(20, 20, 20);"></div>'));155 expect(result.attr('style')).toBe('background-color: rgb(20, 20, 20);');156 }));157 it('hsl', inject(function(taSanitize){158 var result = angular.element(taSanitize('<div style="background-color: hsl(20, 20%, 20%);"></div>'));159 expect(result.attr('style')).toBe('background-color: hsl(20, 20%, 20%);');160 }));161 it('hlsa', inject(function(taSanitize){162 var result = angular.element(taSanitize('<div style="background-color: hsla(20, 20%, 20%, 0.5);"></div>'));163 expect(result.attr('style')).toBe('background-color: hsla(20, 20%, 20%, 0.5);');164 }));165 it('bad value not accepted', inject(function(taSanitize){166 var result = taSanitize('<div style="background-color: execute(alert(\'test\'));"></div>');167 expect(result).toBe('<div></div>');168 }));169 });170 describe('validated text-align attribute', function(){171 it('left', inject(function(taSanitize){172 var result = angular.element(taSanitize('<div style="text-align: left;"></div>'));173 expect(result.attr('style')).toBe('text-align: left;');174 }));175 it('right', inject(function(taSanitize){176 var result = angular.element(taSanitize('<div style="text-align: right;"></div>'));177 expect(result.attr('style')).toBe('text-align: right;');178 }));179 it('center', inject(function(taSanitize){180 var result = angular.element(taSanitize('<div style="text-align: center;"></div>'));181 expect(result.attr('style')).toBe('text-align: center;');182 }));183 it('justify', inject(function(taSanitize){184 var result = angular.element(taSanitize('<div style="text-align: justify;"></div>'));185 expect(result.attr('style')).toBe('text-align: justify;');186 }));187 it('bad value not accepted', inject(function(taSanitize){188 var result = taSanitize('<div style="text-align: execute(alert(\'test\'));"></div>');189 expect(result).toBe('<div></div>');190 }));191 });192 describe('validated float attribute', function(){193 it('left', inject(function(taSanitize){194 var result = angular.element(taSanitize('<div style="float: left;"></div>'));195 expect(result.attr('style')).toBe('float: left;');196 }));197 it('right', inject(function(taSanitize){198 var result = angular.element(taSanitize('<div style="float: right;"></div>'));199 expect(result.attr('style')).toBe('float: right;');200 }));201 it('bad value not accepted', inject(function(taSanitize){202 var result = taSanitize('<div style="float: execute(alert(\'test\'));"></div>');203 expect(result).toBe('<div></div>');204 }));205 });206 describe('validated height attribute', function(){207 it('px', inject(function(taSanitize){208 var result = angular.element(taSanitize('<div style="height: 100px;"></div>'));209 expect(result.attr('style')).toBe('height: 100px;');210 }));211 it('px', inject(function(taSanitize){212 var result = angular.element(taSanitize('<div style="height: 100%;"></div>'));213 expect(result.attr('style')).toBe('height: 100%;');214 }));215 it('em', inject(function(taSanitize){216 var result = angular.element(taSanitize('<div style="height: 100em;"></div>'));217 expect(result.attr('style')).toBe('height: 100em;');218 }));219 it('rem', inject(function(taSanitize){220 var result = angular.element(taSanitize('<div style="height: 100rem;"></div>'));221 expect(result.attr('style')).toBe('height: 100rem;');222 }));223 it('bad value not accepted', inject(function(taSanitize){224 var result = taSanitize('<div style="height: execute(alert(\'test\'));"></div>');225 expect(result).toBe('<div></div>');226 }));227 });228 describe('validated width attribute', function(){229 it('px', inject(function(taSanitize){230 var result = angular.element(taSanitize('<div style="width: 100px;"></div>'));231 expect(result.attr('style')).toBe('width: 100px;');232 }));233 it('px', inject(function(taSanitize){234 var result = angular.element(taSanitize('<div style="width: 100%;"></div>'));235 expect(result.attr('style')).toBe('width: 100%;');236 }));237 it('em', inject(function(taSanitize){238 var result = angular.element(taSanitize('<div style="width: 100em;"></div>'));239 expect(result.attr('style')).toBe('width: 100em;');240 }));241 it('rem', inject(function(taSanitize){242 var result = angular.element(taSanitize('<div style="width: 100rem;"></div>'));243 expect(result.attr('style')).toBe('width: 100rem;');244 }));245 it('bad value not accepted', inject(function(taSanitize){246 var result = taSanitize('<div style="width: execute(alert(\'test\'));"></div>');247 expect(result).toBe('<div></div>');248 }));249 });250 describe('un-validated are removed', function(){251 it('removes non whitelisted values', inject(function(taSanitize){252 var result = taSanitize('<div style="max-height: 12px;"></div>');253 expect(result).toBe('<div></div>');254 }));255 it('removes non whitelisted values leaving valid values', inject(function(taSanitize){256 var result = angular.element(taSanitize('<div style="text-align: left; max-height: 12px;"></div>'));257 expect(result.attr('style')).toBe('text-align: left;');258 }));259 });260 });261 describe('allow disabling of sanitizer', function(){262 it('should return the oldsafe passed in if bad html', inject(function(taSanitize, $sce){263 var result = taSanitize('<broken><test', 'safe', true);264 expect(result).toBe('safe');265 }));266 it('should allow html not allowed by sanitizer', inject(function(taSanitize, $sce){267 var result = taSanitize('<bad-tag></bad-tag>', '', true);268 expect(result).toBe('<bad-tag></bad-tag>');269 }));270 });271 describe('check if style is sanitized correctly', function(){272 it('should translate style to tag', inject(function(taSanitize, $sce){273 var result = taSanitize('Q<b>W</b><i style="font-weight: bold;">E</i><u style="font-weight: bold; font-style: italic;">R</u>T');274 expect(result).toBe('Q<b>W</b><i><b>E</b></i><u><b><i>R</i></b></u>T');275 }));276 it('should translate style to tag, respecting nested tags', inject(function(taSanitize, $sce){277 var result = taSanitize("Q<i style='font-weight: bold;'><u>E</u></i>T");278 expect(result).toBe('Q<i><b><u>E</u></b></i>T');279 }));280 });...

Full Screen

Full Screen

sanitizeUriSpec.js

Source:sanitizeUriSpec.js Github

copy

Full Screen

1/* jshint scripturl: true */2'use strict';3describe('sanitizeUri', function() {4 var sanitizeHref, sanitizeImg, sanitizeUriProvider, testUrl;5 beforeEach(function() {6 module(function(_$$sanitizeUriProvider_) {7 sanitizeUriProvider = _$$sanitizeUriProvider_;8 });9 inject(function($$sanitizeUri) {10 sanitizeHref = function(uri) {11 return $$sanitizeUri(uri, false);12 };13 sanitizeImg = function(uri) {14 return $$sanitizeUri(uri, true);15 };16 });17 });18 function isEvilInCurrentBrowser(uri) {19 var a = document.createElement('a');20 a.setAttribute('href', uri);21 return a.href.substring(0, 4) !== 'http';22 }23 describe('img[src] sanitization', function() {24 it('should sanitize javascript: urls', function() {25 testUrl = "javascript:doEvilStuff()";26 expect(sanitizeImg(testUrl)).toBe('unsafe:javascript:doEvilStuff()');27 });28 it('should sanitize javascript: urls with comments', function() {29 testUrl = "javascript:alert(1)//data:image/";30 expect(sanitizeImg(testUrl)).toBe('unsafe:javascript:alert(1)//data:image/');31 });32 it('should sanitize non-image data: urls', function() {33 testUrl = "data:application/javascript;charset=US-ASCII,alert('evil!');";34 expect(sanitizeImg(testUrl)).toBe("unsafe:data:application/javascript;charset=US-ASCII,alert('evil!');");35 testUrl = "data:,foo";36 expect(sanitizeImg(testUrl)).toBe("unsafe:data:,foo");37 });38 it('should sanitize mailto: urls', function() {39 testUrl = "mailto:foo@bar.com";40 expect(sanitizeImg(testUrl)).toBe('unsafe:mailto:foo@bar.com');41 });42 it('should sanitize obfuscated javascript: urls', function() {43 // case-sensitive44 testUrl = "JaVaScRiPt:doEvilStuff()";45 expect(sanitizeImg(testUrl)).toBe('unsafe:javascript:doEvilStuff()');46 // tab in protocol47 testUrl = "java\u0009script:doEvilStuff()";48 if (isEvilInCurrentBrowser(testUrl)) {49 expect(sanitizeImg(testUrl)).toEqual('unsafe:javascript:doEvilStuff()');50 }51 // space before52 testUrl = " javascript:doEvilStuff()";53 expect(sanitizeImg(testUrl)).toBe('unsafe:javascript:doEvilStuff()');54 // ws chars before55 testUrl = " \u000e javascript:doEvilStuff()";56 if (isEvilInCurrentBrowser(testUrl)) {57 expect(sanitizeImg(testUrl)).toEqual('unsafe:javascript:doEvilStuff()');58 }59 // post-fixed with proper url60 testUrl = "javascript:doEvilStuff(); http://make.me/look/good";61 expect(sanitizeImg(testUrl)).toBeOneOf(62 'unsafe:javascript:doEvilStuff(); http://make.me/look/good',63 'unsafe:javascript:doEvilStuff();%20http://make.me/look/good'64 );65 });66 it('should sanitize ng-src bindings as well', function() {67 testUrl = "javascript:doEvilStuff()";68 expect(sanitizeImg(testUrl)).toBe('unsafe:javascript:doEvilStuff()');69 });70 it('should not sanitize valid urls', function() {71 testUrl = "foo/bar";72 expect(sanitizeImg(testUrl)).toBe('foo/bar');73 testUrl = "/foo/bar";74 expect(sanitizeImg(testUrl)).toBe('/foo/bar');75 testUrl = "../foo/bar";76 expect(sanitizeImg(testUrl)).toBe('../foo/bar');77 testUrl = "#foo";78 expect(sanitizeImg(testUrl)).toBe('#foo');79 testUrl = "http://foo.com/bar";80 expect(sanitizeImg(testUrl)).toBe('http://foo.com/bar');81 testUrl = " http://foo.com/bar";82 expect(sanitizeImg(testUrl)).toBe(' http://foo.com/bar');83 testUrl = "https://foo.com/bar";84 expect(sanitizeImg(testUrl)).toBe('https://foo.com/bar');85 testUrl = "ftp://foo.com/bar";86 expect(sanitizeImg(testUrl)).toBe('ftp://foo.com/bar');87 testUrl = "file:///foo/bar.html";88 expect(sanitizeImg(testUrl)).toBe('file:///foo/bar.html');89 });90 it('should not sanitize blob urls', function() {91 testUrl = "blob:///foo/bar.html";92 expect(sanitizeImg(testUrl)).toBe('blob:///foo/bar.html');93 });94 it('should not sanitize data: URIs for images', function() {95 // image data uri96 // ref: http://probablyprogramming.com/2009/03/15/the-tiniest-gif-ever97 testUrl = "data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==";98 expect(sanitizeImg(testUrl)).toBe('data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==');99 });100 it('should allow reconfiguration of the src whitelist', function() {101 var returnVal;102 expect(sanitizeUriProvider.imgSrcSanitizationWhitelist() instanceof RegExp).toBe(true);103 returnVal = sanitizeUriProvider.imgSrcSanitizationWhitelist(/javascript:/);104 expect(returnVal).toBe(sanitizeUriProvider);105 testUrl = "javascript:doEvilStuff()";106 expect(sanitizeImg(testUrl)).toBe('javascript:doEvilStuff()');107 testUrl = "http://recon/figured";108 expect(sanitizeImg(testUrl)).toBe('unsafe:http://recon/figured');109 });110 });111 describe('a[href] sanitization', function() {112 it('should sanitize javascript: urls', inject(function() {113 testUrl = "javascript:doEvilStuff()";114 expect(sanitizeHref(testUrl)).toBe('unsafe:javascript:doEvilStuff()');115 }));116 it('should sanitize data: urls', inject(function() {117 testUrl = "data:evilPayload";118 expect(sanitizeHref(testUrl)).toBe('unsafe:data:evilPayload');119 }));120 it('should sanitize obfuscated javascript: urls', inject(function() {121 // case-sensitive122 testUrl = "JaVaScRiPt:doEvilStuff()";123 expect(sanitizeHref(testUrl)).toBe('unsafe:javascript:doEvilStuff()');124 // tab in protocol125 testUrl = "java\u0009script:doEvilStuff()";126 if (isEvilInCurrentBrowser(testUrl)) {127 expect(sanitizeHref(testUrl)).toEqual('unsafe:javascript:doEvilStuff()');128 }129 // space before130 testUrl = " javascript:doEvilStuff()";131 expect(sanitizeHref(testUrl)).toBe('unsafe:javascript:doEvilStuff()');132 // ws chars before133 testUrl = " \u000e javascript:doEvilStuff()";134 if (isEvilInCurrentBrowser(testUrl)) {135 expect(sanitizeHref(testUrl)).toEqual('unsafe:javascript:doEvilStuff()');136 }137 // post-fixed with proper url138 testUrl = "javascript:doEvilStuff(); http://make.me/look/good";139 expect(sanitizeHref(testUrl)).toBeOneOf(140 'unsafe:javascript:doEvilStuff(); http://make.me/look/good',141 'unsafe:javascript:doEvilStuff();%20http://make.me/look/good'142 );143 }));144 it('should sanitize ngHref bindings as well', inject(function() {145 testUrl = "javascript:doEvilStuff()";146 expect(sanitizeHref(testUrl)).toBe('unsafe:javascript:doEvilStuff()');147 }));148 it('should not sanitize valid urls', inject(function() {149 testUrl = "foo/bar";150 expect(sanitizeHref(testUrl)).toBe('foo/bar');151 testUrl = "/foo/bar";152 expect(sanitizeHref(testUrl)).toBe('/foo/bar');153 testUrl = "../foo/bar";154 expect(sanitizeHref(testUrl)).toBe('../foo/bar');155 testUrl = "#foo";156 expect(sanitizeHref(testUrl)).toBe('#foo');157 testUrl = "http://foo/bar";158 expect(sanitizeHref(testUrl)).toBe('http://foo/bar');159 testUrl = " http://foo/bar";160 expect(sanitizeHref(testUrl)).toBe(' http://foo/bar');161 testUrl = "https://foo/bar";162 expect(sanitizeHref(testUrl)).toBe('https://foo/bar');163 testUrl = "ftp://foo/bar";164 expect(sanitizeHref(testUrl)).toBe('ftp://foo/bar');165 testUrl = "mailto:foo@bar.com";166 expect(sanitizeHref(testUrl)).toBe('mailto:foo@bar.com');167 testUrl = "file:///foo/bar.html";168 expect(sanitizeHref(testUrl)).toBe('file:///foo/bar.html');169 }));170 it('should allow reconfiguration of the href whitelist', function() {171 var returnVal;172 expect(sanitizeUriProvider.aHrefSanitizationWhitelist() instanceof RegExp).toBe(true);173 returnVal = sanitizeUriProvider.aHrefSanitizationWhitelist(/javascript:/);174 expect(returnVal).toBe(sanitizeUriProvider);175 testUrl = "javascript:doEvilStuff()";176 expect(sanitizeHref(testUrl)).toBe('javascript:doEvilStuff()');177 testUrl = "http://recon/figured";178 expect(sanitizeHref(testUrl)).toBe('unsafe:http://recon/figured');179 });180 });...

Full Screen

Full Screen

boards.js

Source:boards.js Github

copy

Full Screen

1const express = require('express');2const router = express.Router();3const sanitizehtml = require('sanitize-html');4const Board = require('../schemas/board');5/**6 * api name : 게시글 목록 조회7 * api function : 입력된 게시글을 전체조회한다. 단, 작성일자를 내림차순으로 조회한다.8 * type : GET9 * url : api/boardlist10 * request : None11 * response : {boardlist} set12 */13router.get('/boardlist', async (req, res) => {14 const boardlist = await Board.find().sort({regdt: -1});15 res.json({boardlist: boardlist});16});17/**18 * api name : 게시글 상세 조회19 * api function : 게시글에 대한 상세정보를 조회한다.20 * type : GET21 * url : api/boarddetail/:boardId22 * request : boardId23 * response : {boarddetail} set24 */25router.get('/boarddetail', async (req, res) => {26 const {boardId} = req.query;27 const boarddetail = await Board.find({_id: boardId}) //문자나 숫자들어오면 죽는데; 이거 좀 고쳐봐야겠다; 일단 되니까 둔다.28 res.json({boarddetail: boarddetail});29});30/**31 * api name : 게시글 작성32 * api function : 게시글을 작성한다. 작성 시 반드시 모든 입력 값이 있어야한다.33 * type : POST34 * url : api/board35 * request : title, regid, password, content36 * response : json({success, msg})37 */38 router.post('/board', async (req, res) => {39 const {title, regid, password, content} = req.body;40 // XSS공격 취약점 보완41 const sanitizeTitle = sanitizehtml(title);42 const sanitizeRegid = sanitizehtml(regid);43 const sanitizePassword = sanitizehtml(password);44 const sanitizeContent = sanitizehtml(content);45 const regdt = new Date(+new Date() + 3240 * 10000).toISOString().replace("T", " ").replace(/\..*/, '');46 // 빈 값을 체크한다.47 if(!sanitizeTitle.length) return res.json({success: false, msg:'제목이 입력되지 않았거나, 올바르지 않습니다.'});48 if(!sanitizeRegid.length) return res.json({success: false, msg:'작성자가 입력되지 않았거나, 올바르지 않습니다.'});49 if(!sanitizePassword.length) return res.json({success: false, msg:'패스워드가 입력되지 않았습니다.'});50 if(!sanitizeContent.length) return res.json({success: false, msg:'글 내용이 입력되지 않았거나, 올바르지 않습니다.'});51 52 //입력된 값을 받아, DB에 도큐먼트 삽입53 await Board.create({54 title: sanitizeTitle,55 regid: sanitizeRegid,56 password: sanitizePassword,57 content: sanitizeContent,58 regdt: regdt,59 });60 res.json({success: true, msg: 'server message : 게시글 작성 성공.'});61});62/**63 * api name : 게시글 수정64 * api function65 * - 입력된 게시글을 수정한다.66 * - 단, 게시글 수정 시 입력했던 기존 패스워드와 동일해야만 글을 수정할 수 있도록 한다.67 * type : PUT68 * url : api/board69 * request : boardid, title, password, regid, content70 * response : json({success, msg})71 */72 router.put('/board', async (req, res) => {73 const {title, regid, password, content, boardId} = req.body;74 const [boarddetail] = await Board.find({_id: boardId})75 // XSS공격 취약점 보완76 const sanitizeTitle = sanitizehtml(title);77 const sanitizeRegid = sanitizehtml(regid);78 const sanitizePassword = sanitizehtml(password);79 const sanitizeContent = sanitizehtml(content);80 // 빈 값을 체크한다.81 if(!sanitizeTitle.length) return res.json({success: false, msg:'제목이 입력되지 않았거나, 올바르지 않습니다.'});82 if(!sanitizeRegid.length) return res.json({success: false, msg:'작성자가 입력되지 않았거나, 올바르지 않습니다.'});83 if(!sanitizePassword.length) return res.json({success: false, msg:'패스워드가 입력되지 않았습니다.'});84 if(!sanitizeContent.length) return res.json({success: false, msg:'글 내용이 입력되지 않았거나, 올바르지 않습니다.'});85 if(boarddetail['password'] !== password){86 return res.json({ code: false, msg: 'server message : 패스워드가 일치하지 않음' });87 // return res.status(400).json({ code: false, msg: 'server message : 패스워드가 일치하지 않음' });88 }89 90 if(![boarddetail].length){91 return res.json({ success: false, msg: 'server message : 수정할 게시물이 존재하지 않음' });92 // return res.status(400).json({ success: false, msg: 'server message : 수정할 게시물이 존재하지 않음' });93 } 94 95 await Board.updateOne({ _id: boardId }, { $set: { title: sanitizeTitle, regid: sanitizeRegid, content:sanitizeContent } });96 res.json({ success: true, msg: 'server message : 게시글이 수정 성공.' })97});98/**99 * api name : 게시글 삭제100 * api function101 * - 입력된 게시글을 삭제한다.102 * - 단, 게시글 수정 시 입력했던 기존 패스워드와 동일해야만 글을 삭제할 수 있도록 한다.103 * type : DELETE104 * url : api/board105 * request : boardid, password106 * response : json({success, msg})107 */108 router.delete('/board', async (req, res) => {109 const {boardId, password} = req.body;110 const [boarddetail] = await Board.find({_id: boardId})111 // XSS공격 취약점 보완112 const sanitizePassword = sanitizehtml(password);113 // 빈 값을 체크한다.114 if(!sanitizePassword.length) return res.json({success: false, msg:'패스워드가 입력되지 않았습니다.'});115 if(boarddetail['password'] !== password){116 return res.json({ code: false, msg: 'server message: 패스워드가 일치하지 않음' });117 // return res.status(400).json({ code: false, msg: 'server message : 패스워드가 일치하지 않음' });118 }119 120 if(![boarddetail].length){121 return res.json({ success: false, msg: 'server message: 삭제할 게시물이 존재하지 않음' });122 // return res.status(400).json({ success: false, msg: 'server message : 수정할 게시물이 존재하지 않음' });123 }124 125 await Board.deleteOne({_id: boardId});126 res.json({ success: true, msg: 'server message: 게시글 삭제 성공.' });127});...

Full Screen

Full Screen

security.js

Source:security.js Github

copy

Full Screen

1// Copyright (c) Jupyter Development Team.2// Distributed under the terms of the Modified BSD License.3define([4 'jquery',5 'components/google-caja/html-css-sanitizer-minified',6], function($, sanitize) {7 "use strict";8 9 var noop = function (x) { return x; };10 11 var caja;12 if (window && window.html) {13 caja = window.html;14 caja.html4 = window.html4;15 caja.sanitizeStylesheet = window.sanitizeStylesheet;16 }17 18 var sanitizeAttribs = function (tagName, attribs, opt_naiveUriRewriter, opt_nmTokenPolicy, opt_logger) {19 /**20 * add trusting data-attributes to the default sanitizeAttribs from caja21 * this function is mostly copied from the caja source22 */23 var ATTRIBS = caja.html4.ATTRIBS;24 for (var i = 0; i < attribs.length; i += 2) {25 var attribName = attribs[i];26 if (attribName.substr(0,5) == 'data-') {27 var attribKey = '*::' + attribName;28 if (!ATTRIBS.hasOwnProperty(attribKey)) {29 ATTRIBS[attribKey] = 0;30 }31 }32 }33 // Caja doesn't allow data uri for img::src, see34 // https://github.com/google/caja/issues/155835 // This is not a security issue for browser post ie6 though, so we36 // disable the check37 // https://www.owasp.org/index.php/Script_in_IMG_tags38 ATTRIBS['img::src'] = 0;39 return caja.sanitizeAttribs(tagName, attribs, opt_naiveUriRewriter, opt_nmTokenPolicy, opt_logger);40 };41 42 var sanitize_css = function (css, tagPolicy) {43 /**44 * sanitize CSS45 * like sanitize_html, but for CSS46 * called by sanitize_stylesheets47 */48 return caja.sanitizeStylesheet(49 window.location.pathname,50 css,51 {52 containerClass: null,53 idSuffix: '',54 tagPolicy: tagPolicy,55 virtualizeAttrName: noop56 },57 noop58 );59 };60 61 var sanitize_stylesheets = function (html, tagPolicy) {62 /**63 * sanitize just the css in style tags in a block of html64 * called by sanitize_html, if allow_css is true65 */66 var h = $("<div/>").append(html);67 var style_tags = h.find("style");68 if (!style_tags.length) {69 // no style tags to sanitize70 return html;71 }72 style_tags.each(function(i, style) {73 style.innerHTML = sanitize_css(style.innerHTML, tagPolicy);74 });75 return h.html();76 };77 78 var sanitize_html = function (html, allow_css) {79 /**80 * sanitize HTML81 * if allow_css is true (default: false), CSS is sanitized as well.82 * otherwise, CSS elements and attributes are simply removed.83 */84 var html4 = caja.html4;85 if (allow_css) {86 // allow sanitization of style tags,87 // not just scrubbing88 html4.ELEMENTS.style &= ~html4.eflags.UNSAFE;89 html4.ATTRIBS.style = html4.atype.STYLE;90 } else {91 // scrub all CSS92 html4.ELEMENTS.style |= html4.eflags.UNSAFE;93 html4.ATTRIBS.style = html4.atype.SCRIPT;94 }95 96 var record_messages = function (msg, opts) {97 console.log("HTML Sanitizer", msg, opts);98 };99 100 var policy = function (tagName, attribs) {101 if (!(html4.ELEMENTS[tagName] & html4.eflags.UNSAFE)) {102 return {103 'attribs': sanitizeAttribs(tagName, attribs,104 noop, noop, record_messages)105 };106 } else {107 record_messages(tagName + " removed", {108 change: "removed",109 tagName: tagName110 });111 }112 };113 114 var sanitized = caja.sanitizeWithPolicy(html, policy);115 116 if (allow_css) {117 // sanitize style tags as stylesheets118 sanitized = sanitize_stylesheets(sanitized, policy);119 }120 121 return sanitized;122 };123 var sanitize_html_and_parse = function (html, allow_css) {124 /**125 * Sanitize HTML and parse it safely using jQuery.126 *127 * This disable's jQuery's html 'prefilter', which can make invalid128 * HTML valid after the sanitizer has checked it.129 *130 * Returns an array of DOM nodes.131 */132 var sanitized_html = sanitize_html(html, allow_css);133 var prev_htmlPrefilter = $.htmlPrefilter;134 $.htmlPrefilter = function(html) {return html;}; // Don't modify HTML135 try {136 return $.parseHTML(sanitized_html);137 } finally {138 $.htmlPrefilter = prev_htmlPrefilter; // Set it back again139 }140 };141 142 var security = {143 caja: caja,144 sanitize_html_and_parse: sanitize_html_and_parse,145 sanitize_html: sanitize_html146 };147 return security;...

Full Screen

Full Screen

Automation Testing Tutorials

Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.

LambdaTest Learning Hubs:

YouTube

You could also refer to video tutorials over LambdaTest YouTube channel to get step by step demonstration from industry experts.

Run prospector automation tests on LambdaTest cloud grid

Perform automation testing on 3000+ real desktop and mobile devices online.

Try LambdaTest Now !!

Get 100 minutes of automation test minutes FREE!!

Next-Gen App & Browser Testing Cloud

Was this article helpful?

Helpful

NotHelpful