Sanitize more
diff --git
a/server/routes/messages.js
b/server/routes/messages.js
index
cd93b9f
..
d96cbfa
100644
(file)
--- a/
server/routes/messages.js
+++ b/
server/routes/messages.js
@@
-9,10
+9,10
@@
router.post("/messages", (req,res,next) => {
if (!req.xhr)
return res.json({errmsg: "Unauthorized access"});
const from = req.body["email"];
if (!req.xhr)
return res.json({errmsg: "Unauthorized access"});
const from = req.body["email"];
- const subject = req.body["subject"];
- const body = req.body["content"];
+ // Replace potential newline characters in subject
+ const subject = req.body["subject"].replace(/\r?\n|\r/g, " ");
+ const body = req.body["content"]; //TODO: sanitize? Why? How?
- // TODO: sanitize ?
mailer(from, params.mail.contact, subject, body, err => {
if (!!err)
return res.json({errmsg:err});
mailer(from, params.mail.contact, subject, body, err => {
if (!!err)
return res.json({errmsg:err});
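Review bot: The newline stripping is applied only to `subject`, while `from` (`req.body["email"]`) is still handed to `mailer` unchanged on the line above; if `mailer` places it in a From or Reply-To header, the same CR/LF header-injection risk remains there, so it should get the same `.replace(/\r?\n|\r/g, " ")` treatment or, better, be validated as a single address. The new `.replace` call also assumes `subject` is a string: a request that omits the field, or sends an array or object, makes it throw a TypeError inside the handler, so a guard such as `if (typeof req.body["subject"] !== "string") return res.json({errmsg: "Invalid subject"});` before it would be safer. For `body`, the open `//TODO: sanitize? Why? How?` could be replaced by a comment recording the actual decision, for example that the content is sent as plain text and never rendered as HTML, if that is what `mailer` does. The handler starts in the hunk header and continues past the end of the hunk, so `mailer` itself is not visible here.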