try adding dompurify direct to sharedb too

theopensystemslab · Nov 24, 2023 · 42f3671 · 42f3671
1 parent 6437fa5
commit 42f3671
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 0 deletions.
diff --git a/sharedb.planx.uk/package.json b/sharedb.planx.uk/package.json
@@ -4,6 +4,7 @@
   "private": true,
   "dependencies": {
     "@teamwork/websocket-json-stream": "^2.0.0",
+    "dompurify": "^3.0.6",
     "jsonwebtoken": "^8.5.1",
     "pg": "^8.11.3",
     "sharedb": "^3.3.1",

diff --git a/sharedb.planx.uk/pnpm-lock.yaml b/sharedb.planx.uk/pnpm-lock.yaml
diff --git a/sharedb.planx.uk/sharedb-postgresql.js b/sharedb.planx.uk/sharedb-postgresql.js
@@ -1,5 +1,6 @@
 const { Pool } = require("pg");
 const { DB } = require("sharedb");
+const DOMPurify = require("dompurify");
 
 function PostgresDB(options) {
   if (!(this instanceof PostgresDB)) {
@@ -25,6 +26,22 @@ function rollback(client, done) {
   client.query("ROLLBACK", (err) => done(err));
 }
 
+// Also see editor.planx.uk/src/@planx/graph/index.ts
+// This is a simplified implementation that only handles purification of unsafe values, it does not handle empty values
+function sanitize(x) {
+  if ((x && typeof x === "string") || x instanceof String) {
+    return DOMPurify.sanitize(x);
+  } else if ((x && typeof x === "object") || x instanceof Object) {
+    return Object.entries(x).reduce((acc, [k, v]) => {
+      v = sanitize(v);
+      acc[k] = v;
+      return acc;
+    }, x);
+  } else {
+    return x;
+  }
+}
+
 // Persists an op and snapshot if it is for the next version. Calls back with
 // callback(err, succeeded)
 PostgresDB.prototype.commit = function (
@@ -35,6 +52,10 @@ PostgresDB.prototype.commit = function (
   _options,
   callback
 ) {
+  // Remove any unsafe values from this operation before committing
+  op = sanitize(op);
+  console.log('sanitised op', op);
+
   const { uId: actorId } = op.m;
 
   /*