mirror of
https://github.com/n8n-io/n8n.git
synced 2024-11-10 14:44:05 -08:00
2064f7f251
Validate first and last names before saving them to database. This should prevent security issue with un-sanitized data that ends up in emails. --------- Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>
44 lines
1.1 KiB
TypeScript
44 lines
1.1 KiB
TypeScript
import { NoXss } from '@db/utils/customValidators';
|
|
import { validate } from 'class-validator';
|
|
|
|
describe('customValidators', () => {
|
|
describe('NoXss', () => {
|
|
class Person {
|
|
@NoXss()
|
|
name: string;
|
|
}
|
|
const person = new Person();
|
|
|
|
const invalidNames = ['http://google.com', '<script src/>', 'www.domain.tld'];
|
|
|
|
const validNames = [
|
|
'Johann Strauß',
|
|
'Вагиф Сәмәдоғлу',
|
|
'René Magritte',
|
|
'সুকুমার রায়',
|
|
'མགོན་པོ་རྡོ་རྗེ།',
|
|
'عبدالحليم حافظ',
|
|
];
|
|
|
|
describe('Block XSS', () => {
|
|
for (const name of invalidNames) {
|
|
test(name, async () => {
|
|
person.name = name;
|
|
const validationErrors = await validate(person);
|
|
expect(validationErrors[0].property).toEqual('name');
|
|
expect(validationErrors[0].constraints).toEqual({ NoXss: 'Malicious name' });
|
|
});
|
|
}
|
|
});
|
|
|
|
describe('Allow Valid names', () => {
|
|
for (const name of validNames) {
|
|
test(name, async () => {
|
|
person.name = name;
|
|
expect(await validate(person)).toBeEmptyArray();
|
|
});
|
|
}
|
|
});
|
|
});
|
|
});
|