Page MenuHomePhabricator
Files F2907338

D8527.diff
No OneTemporary
Actions

D8527.diff
View Options

diff --git a/keyserver/package.json b/keyserver/package.json
--- a/keyserver/package.json
+++ b/keyserver/package.json
@@ -46,6 +46,7 @@
"@parse/node-apn": "^3.2.0",
"@vingle/bmp-js": "^0.2.5",
"JSONStream": "^1.3.5",
+ "bad-words": "^3.0.4",
"common-tags": "^1.7.2",
"cookie-parser": "^1.4.3",
"dateformat": "^3.0.3",
diff --git a/keyserver/src/creators/invite-link-creator.js b/keyserver/src/creators/invite-link-creator.js
--- a/keyserver/src/creators/invite-link-creator.js
+++ b/keyserver/src/creators/invite-link-creator.js
@@ -1,5 +1,7 @@
// @flow
+import Filter from 'bad-words';
+
import type {
CreateOrUpdatePublicLinkRequest,
InviteLink,
@@ -19,6 +21,7 @@
import { Viewer } from '../session/viewer.js';
const secretRegex = /^[a-zA-Z0-9]+$/;
+const badWordsFilter = new Filter();
async function createOrUpdatePublicLink(
viewer: Viewer,
@@ -27,6 +30,9 @@
if (!secretRegex.test(request.name)) {
throw new ServerError('invalid_characters');
}
+ if (badWordsFilter.isProfane(request.name)) {
+ throw new ServerError('offensive_words');
+ }
const permissionPromise = checkThreadPermission(
viewer,
diff --git a/yarn.lock b/yarn.lock
--- a/yarn.lock
+++ b/yarn.lock
@@ -7617,6 +7617,18 @@
babel-plugin-jest-hoist "^26.6.2"
babel-preset-current-node-syntax "^1.0.0"
+bad-words@^3.0.4:
+ version "3.0.4"
+ resolved "https://registry.yarnpkg.com/bad-words/-/bad-words-3.0.4.tgz#044c83935c4c363a905d47b5e0179f7241fecaec"
+ integrity sha512-v/Q9uRPH4+yzDVLL4vR1+S9KoFgOEUl5s4axd6NIAq8SV2mradgi4E8lma/Y0cw1ltVdvyegCQQKffCPRCp8fg==
+ dependencies:
+ badwords-list "^1.0.0"
+
+badwords-list@^1.0.0:
+ version "1.0.0"
+ resolved "https://registry.yarnpkg.com/badwords-list/-/badwords-list-1.0.0.tgz#5e9856dbf13482a295c3b0b304afb9d4cfc5c579"
+ integrity sha512-oWhaSG67e+HQj3OGHQt2ucP+vAPm1wTbdp2aDHeuh4xlGXBdWwzZ//pfu6swf5gZ8iX0b7JgmSo8BhgybbqszA==
+
balanced-match@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.0.tgz#89b4d199ab2bee49de164ea02b89ce462d71b767"

File Metadata

Mime Type
text/plain
Expires
Mon, Oct 7, 11:10 AM (21 h, 31 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2254037
Default Alt Text
D8527.diff (2 KB)

Event Timeline