From ae3e3ceefc8e3c174ff69f05212d636230f093d6 Mon Sep 17 00:00:00 2001
From: RaindropsSys
Date: Mon, 24 Jun 2024 15:13:56 +0200
Subject: Fix potential code injection
---
 src/PrisbeamSearch.ts | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/PrisbeamSearch.ts b/src/PrisbeamSearch.ts
index daffde4..5e352d8 100755
--- a/src/PrisbeamSearch.ts
+++ b/src/PrisbeamSearch.ts
@@ -27,7 +27,10 @@ export class PrisbeamSearch {
Show technical information -
Query: ${query.substring(0, 1024)}${sql ? `\n\nSQL: ${sql.substring(0, 1024)}` : ""}\n\nError dump:\n${e.stack}
+
Query: ${query.substring(0, 1024)}${sql ? `\n\nSQL: ${sql.substring(0, 1024)}` : ""}\n\nError dump:\n${e.stack
+                    .replaceAll("&", "&")
+                    .replaceAll(">", ">")
+                    .replaceAll("<", "<")}
`; }
@@ -85,7 +88,10 @@ export class PrisbeamSearch {
 }
 if (e.name === "SearchError" || e.stack.startsWith("SearchError: ")) {
- return e.message;
+ return e.message
+ .replaceAll("&", "&")
+ .replaceAll(">", ">")
+ .replaceAll("<", "<");
 }
 return "An error has occurred while processing your search query";
-- cgit
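Review bot: In the first hunk `query` and `sql` are still interpolated into the template unescaped (`Query: ${query.substring(0, 1024)}`), so if this string is rendered as HTML, which the escaping of `e.stack` suggests, the user-supplied query remains a markup-injection path after this fix. The same three-call `replaceAll` chain is repeated in the second hunk for `e.message`; one helper applied to every interpolated value, after truncation so an entity is never cut in half, would close the gap and also cover quotes in case a value ever lands in an attribute. As rendered on this page the replacement strings look identical to the search strings (`.replaceAll("&", "&")`), presumably because the page decoded the entities; confirm the committed file contains `&amp;`, `&gt;` and `&lt;`. Both enclosing methods start and end outside the hunks.

```typescript
// Single escaping routine for text placed in HTML; used by both hunks.
function escapeHtml(text: string): string {
    return text
        .replaceAll("&", "&amp;")
        .replaceAll("<", "&lt;")
        .replaceAll(">", "&gt;")
        .replaceAll('"', "&quot;")
        .replaceAll("'", "&#39;");
}

// … unchanged: surrounding template markup in the first hunk …
Query: ${escapeHtml(query.substring(0, 1024))}${sql ? `\n\nSQL: ${escapeHtml(sql.substring(0, 1024))}` : ""}\n\nError dump:\n${escapeHtml(e.stack)}

// … unchanged: SearchError check in the second hunk …
return escapeHtml(e.message);
```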