Skip to content

Commit

Permalink
fix(security): Double escaping or unescaping
Browse files Browse the repository at this point in the history 
contributes to #669.
to fix https://github.com/openwhyd/openwhyd/security/code-scanning/20
  • Loading branch information
@adrienjoly
adrienjoly committed Aug 20, 2023
1 parent d28cdc1 commit ebc2781
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions app/controllers/api/bandcampExtractor.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,10 @@ exports.extractBandcampStreamURLsFromHTML = (html) => {

function htmlDecode(str) {
return String(str)
.replace(/&/g, '&')
.replace(/&lt;/g, '<')
.replace(/&gt;/g, '>')
.replace(/&quot;/g, '"');
.replace(/&quot;/g, '"')
.replace(/&amp;/g, '&');
}

exports.controller = async function (req, reqParams = {}, res) {
Expand Down

0 comments on commit ebc2781

Please sign in to comment.