Skip to content

Commit 793a2bd

Browse files
haileyokhaileyok
committed
escape
1 parent da6968c commit 793a2bd

File tree

3 files changed

+12
-2
lines changed

3 files changed

+12
-2
lines changed

bskylink/package.json

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,8 +9,10 @@
99
},
1010
"dependencies": {
1111
"@atproto/common": "^0.4.0",
12+
"@types/escape-html": "^1.0.4",
1213
"body-parser": "^1.20.2",
1314
"cors": "^2.8.5",
15+
"escape-html": "^1.0.3",
1416
"express": "^4.19.2",
1517
"http-terminator": "^3.2.0",
1618
"kysely": "^0.27.3",

bskylink/src/routes/redirect.ts

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
import assert from 'node:assert'
22

33
import {DAY, SECOND} from '@atproto/common'
4+
import escapeHTML from 'escape-html'
45
import {Express} from 'express'
56

67
import {AppContext} from '../context.js'
@@ -42,8 +43,10 @@ export default function (ctx: AppContext, app: Express) {
4243
res.setHeader('Cache-Control', `max-age=${(7 * DAY) / SECOND}`)
4344
res.type('html')
4445
res.status(200)
46+
47+
const escaped = escapeHTML(url.href)
4548
return res.send(
46-
`<html><head><meta http-equiv="refresh" content="0; URL='${url.href}'" /><style>:root { color-scheme: light dark; }</style></head></html>`,
49+
`<html><head><meta http-equiv="refresh" content="0; URL='${escaped}'" /><style>:root { color-scheme: light dark; }</style></head></html>`,
4750
)
4851
}),
4952
)

bskylink/yarn.lock

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -69,6 +69,11 @@
6969
dependencies:
7070
"@types/node" "*"
7171

72+
"@types/escape-html@^1.0.4":
73+
version "1.0.4"
74+
resolved "https://registry.yarnpkg.com/@types/escape-html/-/escape-html-1.0.4.tgz#dc7c166b76c7b03b27e32f80edf01d91eb5d9af2"
75+
integrity sha512-qZ72SFTgUAZ5a7Tj6kf2SHLetiH5S6f8G5frB2SPQ3EyF02kxdyBFf4Tz4banE3xCgGnKgWLt//a6VuYHKYJTg==
76+
7277
"@types/node@*":
7378
version "20.14.2"
7479
resolved "https://registry.yarnpkg.com/@types/node/-/node-20.14.2.tgz#a5f4d2bcb4b6a87bffcaa717718c5a0f208f4a18"
@@ -276,7 +281,7 @@ es-errors@^1.3.0:
276281
resolved "https://registry.yarnpkg.com/es-errors/-/es-errors-1.3.0.tgz#05f75a25dab98e4fb1dcd5e1472c0546d5057c8f"
277282
integrity sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==
278283

279-
escape-html@~1.0.3:
284+
escape-html@^1.0.3, escape-html@~1.0.3:
280285
version "1.0.3"
281286
resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988"
282287
integrity sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==

0 commit comments

Comments
 (0)