fen/uptime-kuma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request from GHSA-v4v2-8h88-65qj

Browse source
This commit is contained in:
Louis Lam 2023-11-24 17:18:01 +08:00 committed by GitHub
parent 121d1a11af
commit f28dccf4e1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
package-lock.json generated
View file

@ -33,6 +33,7 @@
"express-static-gzip": "~2.1.7", "express-static-gzip": "~2.1.7",
"form-data": "~4.0.0", "form-data": "~4.0.0",
"gamedig": "~4.1.0", "gamedig": "~4.1.0",
"html-escaper": "^3.0.3",
"http-graceful-shutdown": "~3.1.7", "http-graceful-shutdown": "~3.1.7",
"http-proxy-agent": "~5.0.0", "http-proxy-agent": "~5.0.0",
"https-proxy-agent": "~5.0.1", "https-proxy-agent": "~5.0.1",
@ -10747,10 +10748,9 @@
"dev": true "dev": true
}, },
"node_modules/html-escaper": { "node_modules/html-escaper": {
"version": "2.0.2", "version": "3.0.3",
"resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-3.0.3.tgz",
"integrity": "sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==", "integrity": "sha512-RuMffC89BOWQoY0WKGpIhn5gX3iI54O6nRA0yC124NYVtzjmFWBIiFd8M0x+ZdX0P9R4lADg1mgP8C7PxGOWuQ=="
"dev": true
}, },
"node_modules/html-tags": { "node_modules/html-tags": {
"version": "3.3.1", "version": "3.3.1",
@ -11558,6 +11558,12 @@
"node": ">=8" "node": ">=8"
} }
}, },
"node_modules/istanbul-reports/node_modules/html-escaper": {
"version": "2.0.2",
"resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz",
"integrity": "sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==",
"dev": true
},
"node_modules/jackspeak": { "node_modules/jackspeak": {
"version": "2.3.6", "version": "2.3.6",
"resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz",

1
package.json
View file

@ -100,6 +100,7 @@
"express-static-gzip": "~2.1.7", "express-static-gzip": "~2.1.7",
"form-data": "~4.0.0", "form-data": "~4.0.0",
"gamedig": "~4.1.0", "gamedig": "~4.1.0",
"html-escaper": "^3.0.3",
"http-graceful-shutdown": "~3.1.7", "http-graceful-shutdown": "~3.1.7",
"http-proxy-agent": "~5.0.0", "http-proxy-agent": "~5.0.0",
"https-proxy-agent": "~5.0.1", "https-proxy-agent": "~5.0.1",

14
server/google-analytics.js
View file

@ -1,4 +1,5 @@
const jsesc = require("jsesc"); const jsesc = require("jsesc");
const { escape } = require("html-escaper");
/** /**
* Returns a string that represents the javascript that is required to insert the Google Analytics scripts * Returns a string that represents the javascript that is required to insert the Google Analytics scripts
@ -7,15 +8,18 @@ const jsesc = require("jsesc");
* @returns {string} * @returns {string}
*/ */
function getGoogleAnalyticsScript(tagId) { function getGoogleAnalyticsScript(tagId) {
let escapedTagId = jsesc(tagId, { isScriptContext: true }); let escapedTagIdJS = jsesc(tagId, { isScriptContext: true });
if (escapedTagId) { if (escapedTagIdJS) {
escapedTagId = escapedTagId.trim(); escapedTagIdJS = escapedTagIdJS.trim();
} }
// Escape the tag ID for use in an HTML attribute.
let escapedTagIdHTMLAttribute = escape(tagId);
return ` return `
<script async src="https://www.googletagmanager.com/gtag/js?id=${escapedTagId}"></script> <script async src="https://www.googletagmanager.com/gtag/js?id=${escapedTagIdHTMLAttribute}"></script>
<script>window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date());gtag('config', '${escapedTagId}'); </script> <script>window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date());gtag('config', '${escapedTagIdJS}'); </script>
`; `;
} }