Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-10 23:36:14 -05:00
Code Issues Activity

🔑 Update Validator to 6.2.1 (#7823)

Browse source 
no issue

Uses new version of [validator](https://github.com/chriso/validator.js) which checks also for in URL embedded script tags.
This commit is contained in:
Aileen Nowak 2017-01-10 19:05:25 +07:00 committed by Katharina Irrgang
parent 8993eb937f
commit 7cd13e6122
3 changed files with 11 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
core/server/data/schema/default-settings.json
View file

@ -32,13 +32,13 @@
"defaultLang": { "defaultLang": {
"defaultValue": "en_US", "defaultValue": "en_US",
"validations": { "validations": {
"isNull": false "isEmpty": false
} }
}, },
"postsPerPage": { "postsPerPage": {
"defaultValue": "5", "defaultValue": "5",
"validations": { "validations": {
"isNull": false, "isEmpty": false,
"isInt": true, "isInt": true,
"isLength": [1, 1000] "isLength": [1, 1000]
} }
@ -47,13 +47,13 @@
"defaultValue": "Etc/UTC", "defaultValue": "Etc/UTC",
"validations": { "validations": {
"isTimezone": true, "isTimezone": true,
"isNull": false "isEmpty": false
} }
}, },
"forceI18n": { "forceI18n": {
"defaultValue": "true", "defaultValue": "true",
"validations": { "validations": {
"isNull": false, "isEmpty": false,
"isIn": [["true", "false"]] "isIn": [["true", "false"]]
} }
}, },

6
core/test/unit/validation_spec.js
View file

@ -25,9 +25,15 @@ describe('Validation', function () {
it('isEmptyOrUrl filters javascript urls', function () { it('isEmptyOrUrl filters javascript urls', function () {
/*jshint scripturl:true */ /*jshint scripturl:true */
validator.isEmptyOrURL('javascript:alert(0)').should.be.false(); validator.isEmptyOrURL('javascript:alert(0)').should.be.false();
validator.isEmptyOrURL('http://example.com/lol/<script>lalala</script>/').should.be.false();
validator.isEmptyOrURL('http://example.com/lol?somequery=<script>lalala</script>').should.be.false();
/*jshint scripturl:false */ /*jshint scripturl:false */
validator.isEmptyOrURL('').should.be.true(); validator.isEmptyOrURL('').should.be.true();
validator.isEmptyOrURL('http://localhost:2368').should.be.true(); validator.isEmptyOrURL('http://localhost:2368').should.be.true();
validator.isEmptyOrURL('http://example.com/test/').should.be.true();
validator.isEmptyOrURL('http://www.example.com/test/').should.be.true();
validator.isEmptyOrURL('http://example.com/foo?somequery=bar').should.be.true();
validator.isEmptyOrURL('example.com/test/').should.be.true();
}); });
}); });
}); });

2
package.json
View file

@ -83,7 +83,7 @@
"superagent": "3.3.1", "superagent": "3.3.1",
"unidecode": "0.1.8", "unidecode": "0.1.8",
"uuid": "3.0.0", "uuid": "3.0.0",
"validator": "5.7.0", "validator": "6.2.1",
"xml": "1.0.1" "xml": "1.0.1"
}, },
"optionalDependencies": { "optionalDependencies": {