From cb609d893e2ef7f80fd5e79166ff4a7bc3012c65 Mon Sep 17 00:00:00 2001
From: Hongbo Wu
Date: Fri, 23 Sep 2022 16:40:32 +0800
Subject: [PATCH] Escape HTML entities in puppeteer-parse
---
 packages/content-fetch/package.json | 3 ++-
 packages/puppeteer-parse/package.json | 1 +
 packages/puppeteer-parse/twitter-handler.js | 5 +++--
 packages/puppeteer-parse/youtube-handler.js | 8 +++++---
 4 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/packages/content-fetch/package.json b/packages/content-fetch/package.json
index b8d02d063..f58675a74 100644
--- a/packages/content-fetch/package.json
+++ b/packages/content-fetch/package.json
@@ -10,7 +10,8 @@
 "jsonwebtoken": "^8.5.1",
 "linkedom": "^0.14.9",
 "luxon": "^2.3.1",
- "puppeteer-core": "^16.1.0"
+ "puppeteer-core": "^16.1.0",
+ "underscore": "^1.13.4"
 },
 "scripts": {
 "start": "node app.js",
diff --git a/packages/puppeteer-parse/package.json b/packages/puppeteer-parse/package.json
index ff4de5e8b..11e60b00d 100644
--- a/packages/puppeteer-parse/package.json
+++ b/packages/puppeteer-parse/package.json
@@ -14,6 +14,7 @@
 "linkedom": "^0.14.9",
 "luxon": "^2.3.1",
 "puppeteer-core": "^16.1.0",
+ "underscore": "^1.13.4",
 "winston": "^3.3.3"
 },
 "devDependencies": {
diff --git a/packages/puppeteer-parse/twitter-handler.js b/packages/puppeteer-parse/twitter-handler.js
index 99bab6661..fe68e4782 100644
--- a/packages/puppeteer-parse/twitter-handler.js
+++ b/packages/puppeteer-parse/twitter-handler.js
@@ -6,6 +6,7 @@
 require('dotenv').config();
 const axios = require('axios');
 const { DateTime } = require('luxon');
+const _ = require("underscore");
 const TWITTER_BEARER_TOKEN = process.env.TWITTER_BEARER_TOKEN;
 const TWITTER_URL_MATCH = /twitter\.com\/(?:#!\/)?(\w+)\/status(?:es)?\/(\d+)(?:\/.*)?/
@@ -116,7 +117,7 @@ exports.twitterHandler = { const tweetData = (await getTweetById(tweetId)).data; const authorId = tweetData.data.author_id; const author = tweetData.includes.users.filter(u => u.id = authorId)[0]; - const title = titleForAuthor(author) + const title = _.escape(titleForAuthor(author)) const authorImage = author.profile_image_url.replace('_normal', '_400x400') let text = tweetData.data.text; @@ -157,7 +158,7 @@ exports.twitterHandler = { - + ${front} diff --git a/packages/puppeteer-parse/youtube-handler.js b/packages/puppeteer-parse/youtube-handler.js index 179e4614f..68dfc5af6 100644 --- a/packages/puppeteer-parse/youtube-handler.js +++ b/packages/puppeteer-parse/youtube-handler.js @@ -5,6 +5,7 @@ /* eslint-disable @typescript-eslint/no-require-imports */ require('dotenv').config(); const axios = require('axios'); +const _ = require("underscore"); const YOUTUBE_URL_MATCH = /^((?:https?:)?\/\/)?((?:www|m)\.)?((?:youtube\.com|youtu.be))(\/(?:[\w-]+\?v=|embed\/|v\/)?)([\w-]+)(\S+)?$/ @@ -36,11 +37,12 @@ exports.youtubeHandler = { const oembedUrl = `https://www.youtube.com/oembed?format=json&url=` + encodeURIComponent(`https://www.youtube.com/watch?v=${videoId}`) const oembed = (await axios.get(oembedUrl.toString())).data; - const title = oembed.title; + const title = _.escape(oembed.title); const ratio = oembed.width / oembed.height; const thumbnail = oembed.thumbnail_url; const height = 350; const width = height * ratio; + const authorName = _.escape(oembed.author_name); const content = ` @@ -49,12 +51,12 @@ exports.youtubeHandler = { - +
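Review bot: In the twitter-handler.js hunk at `@@ -116,7 +117,7 @@`, the context line `tweetData.includes.users.filter(u => u.id = authorId)[0]` assigns instead of comparing, so the filter keeps every included user and `author` is simply the first one; the title escaped here, and `authorImage`, can therefore belong to someone other than the tweet's author. It should read `const author = tweetData.includes.users.find(u => u.id === authorId);`. Separately, only `title` goes through `_.escape` in this hunk: `authorImage` comes from `author.profile_image_url` and `text` from `tweetData.data.text` without escaping, so if the template later in the handler (its markup is not visible on this page) interpolates them, they need the same treatment at the point of insertion. The handler body starts and ends outside the hunk.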
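Review bot: In the youtube-handler.js hunk at `@@ -36,11 +37,12 @@`, `thumbnail` is still taken raw from `oembed.thumbnail_url` while `title` and `author_name` from the same oEmbed response are now escaped, so the response is treated as untrusted for two fields but not the third. If `thumbnail` is interpolated into an attribute of the `content` template (the markup is not visible on this page), escape it the same way, `const thumbnail = _.escape(oembed.thumbnail_url);`, and ideally check that it parses as an `https:` URL, since HTML-escaping does not constrain the scheme. `width` is derived from `oembed.width / oembed.height` and becomes `NaN` or `Infinity` when either value is missing or zero; a numeric fallback would keep the generated markup well-formed. The handler body continues outside the hunk.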

${title}

- + `