UNPKG

periodicjs.core.data

Version:

Core data is the ORM wrapping component of periodicjs.core.controller that provides database adapters for commonly used databases (ie. mongo, sql, postgres). Adapters provide a standard set of methods and options regardless of the type of database and so

github.com/typesettin/periodicjs.core.data

typesettin/periodicjs.core.data

68 lines (66 loc) 2.22 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
'use strict'; const xss = require('xss'); const xssRegexp = /(<([^>]+)>)/ig; const vm = require('vm'); const flat = require('flat'); /** * returns javascript from a string * @param {String} input - JavaScript code as a string * @returns {Any} output - parsed javascript string as valid JavaScript */ function parseJavaScript(input) { const sandbox = { output: {}, }; try { vm.runInNewContext(`output = ${input}`, sandbox); return sandbox.output; } catch (e) { // console.warn('WARNING: parseJavaScript InputError', input); throw(e); } } exports.parseJavaScript = parseJavaScript; /** * Enforces XSS character escaping rules * @param {Object} doc Data that is being escaped * @param {Object} configuration xss npm module configuration object * @param {Object} options Configurable options for character escaping * @param {Boolean} [options.html_xss] If true xss module is used for character escaping * @param {Boolean} [options.skip_xss] If true character escaping is ignored * @return {Object} Returns either original document or object with xss character escaping rules applied */ module.exports = function enforceXSSRules(doc, configuration, options = {}) { if (!options.skip_xss) { const errors = []; try { const docString = JSON.stringify(doc,null,2); if (configuration && options.html_xss) return parseJavaScript(xss(docString, configuration)); else return parseJavaScript(docString.replace(xssRegexp, '')); } catch (errorXSS) { errors.push(errorXSS); const docString = JSON.stringify(doc, null, 2); try { return parseJavaScript(docString.replace(xssRegexp, '')); } catch (errorRegEx) { errors.push(errorRegEx); try { const flattenDoc = flat.flatten(doc); const safeDocFlattened = Object.keys(flattenDoc).reduce((result, prop) => { const val = flattenDoc[ prop ]; result[ prop ] = typeof val === 'string' ? xss(val, configuration) : val; return result; }, {}); const safeDoc = flat.unflatten(safeDocFlattened); return safeDoc; } catch (errorFlat) { errors.push(errorFlat); throw errorFlat; } } } } else return doc; };