Simplifying sanitize() within the renderers
avoidwork committed Jun 17, 2017
1 parent c5bd840 commit d958f4c
Showing 2 changed files with 2 additions and 5 deletions.
5 changes: 1 addition & 4 deletions lib/renderers.js
Expand Up @@ -4,17 +4,14 @@ const xml = require("tiny-xml"),
yaml = require("yamljs"),
path = require("path"),
csv = require("csv.js"),
iterate = require(path.join(__dirname, "iterate.js")),
utility = require(path.join(__dirname, "utility.js")),
renderers = new Map();

function sanitize (arg) {
let output = arg;

if (typeof arg === "string") {
iterate([["<", "&lt;"], [">", "&gt;"]], i => {
output = output.replace(new RegExp(i[0], "g"), i[1]);
});
output = output.replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

return output;
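Review bot: the replace chain in sanitize() escapes only "<" and ">" and leaves "&" untouched, so a string that already contains entity text such as "&lt;" passes through unchanged and is decoded to "<" when rendered, which makes the output ambiguous with a literal "<" in the input. Escape "&" before the other two characters, for example `.replace(/&/g, "&amp;")` at the head of the chain, and also cover quote characters if any renderer places this value inside an attribute.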
2 changes: 1 addition & 1 deletion package.json
@@ -1,7 +1,7 @@
{
"name": "tenso",
"description": "Tensō is an elastic REST API gateway for node.js",
"version": "4.5.23",
"version": "4.5.24",
"homepage": "http://avoidwork.github.io/tenso",
"author": "Jason Mulligan <[email protected]>",
"repository": {

7 comments on commit d958f4c

@ergoithz

Only sanitizing "<" and ">" characters, and not "&", will cause "&lt;<" to be sanitized as "&lt;&lt;" and wrongly rendered as "<<" in browsers.
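
The ambiguity described in the comment above, as an added example (not code from tenso or from either commenter): it compares the two-character replacement shown in the commit with a hypothetical `escapeHtml()` that also escapes `&` and quotes, using a simplified entity decoder to stand in for the browser. All function names and sample strings are constructed for illustration.

```javascript
// Added example; names are hypothetical and not part of tenso.

// Same behaviour as sanitize() in the commit: only "<" and ">" are replaced.
function sanitizeAsCommitted (arg) {
	return typeof arg === "string" ? arg.replace(/</g, "&lt;").replace(/>/g, "&gt;") : arg;
}

// Hypothetical alternative: one pass over the input, so an "&" produced by a
// replacement is never escaped a second time, and "&" in the input is kept literal.
const ENTITIES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", "\"": "&quot;", "'": "&#39;"};

function escapeHtml (arg) {
	return typeof arg === "string" ? arg.replace(/[&<>"']/g, c => ENTITIES[c]) : arg;
}

// Simplified model of how a browser decodes these five entities in text content.
const DECODE = {amp: "&", lt: "<", gt: ">", quot: "\"", "#39": "'"};

function decodeEntities (html) {
	return html.replace(/&(amp|lt|gt|quot|#39);/g, (match, name) => DECODE[name]);
}

// True when what the reader sees after decoding is exactly the original value.
function roundTrips (escapeFn, value) {
	return decodeEntities(escapeFn(value)) === value;
}

// Constructed sample inputs, including the one from the comment.
const samples = ["&lt;<", "a < b && b > c", "Tom & Jerry &amp; co", "plain text"];

function report () {
	return samples.map(s => ({
		input: s,
		committed: sanitizeAsCommitted(s),
		committedRoundTrips: roundTrips(sanitizeAsCommitted, s),
		escaped: escapeHtml(s),
		escapedRoundTrips: roundTrips(escapeHtml, s)
	}));
}

console.table(report());
```

Inputs without entity-like text round-trip under both functions; only values that already contain `&...;` sequences are displayed differently from what was stored.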

@avoidwork
Owner Author

not a real problem.

@avoidwork
Owner Author

btw you can register your own renderer, which is likely the only way your concerns will be handled. it's there for times like this.

@ergoithz

It's definitely fun how you see every reported bug as "not a real problem".

@avoidwork
Owner Author

@ergoithz ...

your single ask : total installs
(1 / 126593) * 100 = 0.0007899330926670512

less than 5% doesn't matter. all my decisions are based on cost/impact/roi. my app affords you the ability to customize it for your needs, because they are truly your needs.

@avoidwork
Owner Author

e.g.

const tenso = require('tenso'),
  app = tenso(config);

app.renderer('text/html', function (...args) {
  // do whatever you want, return the string needed for response body
});

you edited this file, so you should've seen you can customize it without modifying the program.

@avoidwork
Owner Author

@ergoithz you can also change the serializers because again, customization. if you want json-ld, go for it, it doesn't belong in tenso. shrug.
