sanitise the ref for universities site. and remove unneeded sanitise

2026-05-30 20:31:34 +02:00 · 2015-01-19 10:49:40 +00:00
parent a0f5c09cb9
commit 17fe30ca0f
2 changed files with 2 additions and 2 deletions
--- a/services/web/app/coffee/Features/Project/ProjectController.coffee
+++ b/services/web/app/coffee/Features/Project/ProjectController.coffee
@@ -5,7 +5,6 @@ projectDuplicator = require("./ProjectDuplicator")
 projectCreationHandler = require("./ProjectCreationHandler")
 editorController = require("../Editor/EditorController")
 metrics = require('../../infrastructure/Metrics')
-sanitize = require('sanitizer')
 Project = require('../../models/Project').Project
 User = require('../../models/User').User
 TagsHandler = require("../Tags/TagsHandler")
--- a/services/web/app/coffee/Features/StaticPages/UniversityController.coffee
+++ b/services/web/app/coffee/Features/StaticPages/UniversityController.coffee
@@ -4,6 +4,7 @@ logger = require("logger-sharelatex")
 _ = require("underscore")
 ErrorController = require "../Errors/ErrorController"
 StaticPageHelpers = require("./StaticPageHelpers")
+sanitize = require('sanitizer')

 module.exports = UniversityController = 

@@ -20,7 +21,7 @@ module.exports = UniversityController =
 			data = data.trim()
 			try
 				data = JSON.parse(data)
-				data.content = data.content.replace(/__ref__/g, req.query.ref)
+				data.content = data.content.replace(/__ref__/g, sanitize.escape(req.query.ref))
 			catch err
 				logger.err err:err, data:data, "error parsing data from data"
 			res.render "university/university_holder", data