From 9d67724da9c4d042092663055764bf3c7a662b6a Mon Sep 17 00:00:00 2001 From: David Bolack Date: Fri, 10 Jan 2025 23:22:22 -0600 Subject: [PATCH 1/8] Wrap titles in error messages with pre blocks to prevent rendering. --- client/homebrew/pages/errorPage/errors/errorIndex.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/client/homebrew/pages/errorPage/errors/errorIndex.js b/client/homebrew/pages/errorPage/errors/errorIndex.js index ccdd86768..73040ec68 100644 --- a/client/homebrew/pages/errorPage/errors/errorIndex.js +++ b/client/homebrew/pages/errorPage/errors/errorIndex.js @@ -89,7 +89,7 @@ const errorIndex = (props)=>{ : - **Brew Title:** ${props.brew.brewTitle || 'Unable to show title'} + **Brew Title:** \`${props.brew.brewTitle || 'Unable to show title'}\` **Current Authors:** ${props.brew.authors?.map((author)=>{return `[${author}](/user/${author})`;}).join(', ') || 'Unable to list authors'} @@ -104,7 +104,7 @@ const errorIndex = (props)=>{ : - **Brew Title:** ${props.brew.brewTitle || 'Unable to show title'} + **Brew Title:** \`${props.brew.brewTitle || 'Unable to show title'}\` **Current Authors:** ${props.brew.authors?.map((author)=>{return `[${author}](/user/${author})`;}).join(', ') || 'Unable to list authors'} @@ -181,7 +181,7 @@ const errorIndex = (props)=>{ **Brew ID:** ${props.brew.brewId} - **Brew Title:** ${props.brew.brewTitle}`, + **Brew Title:** \`${props.brew.brewTitle}\`, // ####### Admin page error ####### '52' : dedent` From 80003f6c5735a290f6ab6e22f377bf525f90eabb Mon Sep 17 00:00:00 2001 From: David Bolack Date: Sat, 11 Jan 2025 08:44:11 -0600 Subject: [PATCH 2/8] Return overremoved backtick --- client/homebrew/pages/errorPage/errors/errorIndex.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/homebrew/pages/errorPage/errors/errorIndex.js b/client/homebrew/pages/errorPage/errors/errorIndex.js index 73040ec68..f05f93838 100644 --- a/client/homebrew/pages/errorPage/errors/errorIndex.js +++ b/client/homebrew/pages/errorPage/errors/errorIndex.js @@ -181,7 +181,7 @@ const errorIndex = (props)=>{ **Brew ID:** ${props.brew.brewId} - **Brew Title:** \`${props.brew.brewTitle}\`, + **Brew Title:** \`${props.brew.brewTitle}\``, // ####### Admin page error ####### '52' : dedent` From abc830eda2210a64607ff338ecec376e1957ff73 Mon Sep 17 00:00:00 2001 From: David Bolack Date: Fri, 24 Jan 2025 14:09:13 -0600 Subject: [PATCH 3/8] Change backticks to `
` literals.

---
 client/homebrew/pages/errorPage/errors/errorIndex.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/client/homebrew/pages/errorPage/errors/errorIndex.js b/client/homebrew/pages/errorPage/errors/errorIndex.js
index f05f93838..caa5e662c 100644
--- a/client/homebrew/pages/errorPage/errors/errorIndex.js
+++ b/client/homebrew/pages/errorPage/errors/errorIndex.js
@@ -89,7 +89,7 @@ const errorIndex = (props)=>{
 		
 		:
 
-		**Brew Title:** \`${props.brew.brewTitle || 'Unable to show title'}\`
+		**Brew Title:** 
${props.brew.brewTitle || 'Unable to show title'}

 
 		**Current Authors:** ${props.brew.authors?.map((author)=>{return `[${author}](/user/${author})`;}).join(', ') || 'Unable to list authors'}
 		
@@ -104,7 +104,7 @@ const errorIndex = (props)=>{
 		
 		:
 
-		**Brew Title:** \`${props.brew.brewTitle || 'Unable to show title'}\`
+		**Brew Title:** 
${props.brew.brewTitle || 'Unable to show title'}

 
 		**Current Authors:** ${props.brew.authors?.map((author)=>{return `[${author}](/user/${author})`;}).join(', ') || 'Unable to list authors'}
 
@@ -181,7 +181,7 @@ const errorIndex = (props)=>{
 
 		**Brew ID:**  ${props.brew.brewId}
 		
-		**Brew Title:** \`${props.brew.brewTitle}\``,
+		**Brew Title:** 
${props.brew.brewTitle}
`,
 
 		// ####### Admin page error #######
 		'52' : dedent`

From d69288076af8f86e2f877b5f02d09be79e25ba48 Mon Sep 17 00:00:00 2001
From: Trevor Buckner 
Date: Mon, 27 Jan 2025 23:34:50 -0500
Subject: [PATCH 4/8] Change to _.escape() to escape HTML characters

---
 client/homebrew/pages/errorPage/errors/errorIndex.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/client/homebrew/pages/errorPage/errors/errorIndex.js b/client/homebrew/pages/errorPage/errors/errorIndex.js
index caa5e662c..1353cf889 100644
--- a/client/homebrew/pages/errorPage/errors/errorIndex.js
+++ b/client/homebrew/pages/errorPage/errors/errorIndex.js
@@ -1,4 +1,5 @@
 const dedent = require('dedent-tabs').default;
+import _ from 'lodash';
 
 const loginUrl = 'https://www.naturalcrit.com/login';
 
@@ -89,7 +90,7 @@ const errorIndex = (props)=>{
 		
 		:
 
-		**Brew Title:** 
${props.brew.brewTitle || 'Unable to show title'}

+		**Brew Title:** ${_.escape(props.brew.brewTitle) || 'Unable to show title'}
 
 		**Current Authors:** ${props.brew.authors?.map((author)=>{return `[${author}](/user/${author})`;}).join(', ') || 'Unable to list authors'}
 		
@@ -104,7 +105,7 @@ const errorIndex = (props)=>{
 		
 		:
 
-		**Brew Title:** 
${props.brew.brewTitle || 'Unable to show title'}

+		**Brew Title:** ${_.escape(props.brew.brewTitle) || 'Unable to show title'}
 
 		**Current Authors:** ${props.brew.authors?.map((author)=>{return `[${author}](/user/${author})`;}).join(', ') || 'Unable to list authors'}
 
@@ -181,7 +182,7 @@ const errorIndex = (props)=>{
 
 		**Brew ID:**  ${props.brew.brewId}
 		
-		**Brew Title:** 
${props.brew.brewTitle}
`,
+		**Brew Title:** ${_.escape(props.brew.brewTitle)}`,
 
 		// ####### Admin page error #######
 		'52' : dedent`

From 73c2be147cb56e18b515abaeb61c52e9a15551f3 Mon Sep 17 00:00:00 2001
From: Trevor Buckner 
Date: Tue, 28 Jan 2025 00:13:51 -0500
Subject: [PATCH 5/8] Custom escape function

---
 client/homebrew/pages/errorPage/errors/errorIndex.js | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/client/homebrew/pages/errorPage/errors/errorIndex.js b/client/homebrew/pages/errorPage/errors/errorIndex.js
index 1353cf889..5c21b719c 100644
--- a/client/homebrew/pages/errorPage/errors/errorIndex.js
+++ b/client/homebrew/pages/errorPage/errors/errorIndex.js
@@ -7,6 +7,10 @@ const loginUrl = 'https://www.naturalcrit.com/login';
 //050-100 : Other pages errors
 
 const errorIndex = (props)=>{
+	const escape = (text) => {
+		return text.split('').map(char => `\\${char}`).join('');
+	};
+
 	return {
 		// Default catch all
 		'00' : dedent`
@@ -90,7 +94,7 @@ const errorIndex = (props)=>{
 		
 		:
 
-		**Brew Title:** ${_.escape(props.brew.brewTitle) || 'Unable to show title'}
+		**Brew Title:** ${escape(props.brew.brewTitle) || 'Unable to show title'}
 
 		**Current Authors:** ${props.brew.authors?.map((author)=>{return `[${author}](/user/${author})`;}).join(', ') || 'Unable to list authors'}
 		
@@ -105,7 +109,7 @@ const errorIndex = (props)=>{
 		
 		:
 
-		**Brew Title:** ${_.escape(props.brew.brewTitle) || 'Unable to show title'}
+		**Brew Title:** ${escape(props.brew.brewTitle) || 'Unable to show title'}
 
 		**Current Authors:** ${props.brew.authors?.map((author)=>{return `[${author}](/user/${author})`;}).join(', ') || 'Unable to list authors'}
 
@@ -182,7 +186,7 @@ const errorIndex = (props)=>{
 
 		**Brew ID:**  ${props.brew.brewId}
 		
-		**Brew Title:** ${_.escape(props.brew.brewTitle)}`,
+		**Brew Title:** ${escape(props.brew.brewTitle)}`,
 
 		// ####### Admin page error #######
 		'52' : dedent`

From ecd8869097a8c81260f572f24ae278185b3ddda9 Mon Sep 17 00:00:00 2001
From: Trevor Buckner 
Date: Tue, 28 Jan 2025 00:17:08 -0500
Subject: [PATCH 6/8] Add a comment

---
 client/homebrew/pages/errorPage/errors/errorIndex.js | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/client/homebrew/pages/errorPage/errors/errorIndex.js b/client/homebrew/pages/errorPage/errors/errorIndex.js
index 5c21b719c..fe8e505e5 100644
--- a/client/homebrew/pages/errorPage/errors/errorIndex.js
+++ b/client/homebrew/pages/errorPage/errors/errorIndex.js
@@ -3,14 +3,15 @@ import _ from 'lodash';
 
 const loginUrl = 'https://www.naturalcrit.com/login';
 
+// Prevent parsing text (e.g. document titles) as markdown
+const escape = (text) => {
+	return text.split('').map(char => `\\${char}`).join('');
+};
+
 //001-050 : Brew errors
 //050-100 : Other pages errors
 
 const errorIndex = (props)=>{
-	const escape = (text) => {
-		return text.split('').map(char => `\\${char}`).join('');
-	};
-
 	return {
 		// Default catch all
 		'00' : dedent`

From 6a31d612e632e95d3ccfdf410f9e8186a5af1fb5 Mon Sep 17 00:00:00 2001
From: Trevor Buckner 
Date: Tue, 28 Jan 2025 00:24:15 -0500
Subject: [PATCH 7/8] Escape to HTML entities

---
 client/homebrew/pages/errorPage/errors/errorIndex.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/homebrew/pages/errorPage/errors/errorIndex.js b/client/homebrew/pages/errorPage/errors/errorIndex.js
index fe8e505e5..63cb2619f 100644
--- a/client/homebrew/pages/errorPage/errors/errorIndex.js
+++ b/client/homebrew/pages/errorPage/errors/errorIndex.js
@@ -5,7 +5,7 @@ const loginUrl = 'https://www.naturalcrit.com/login';
 
 // Prevent parsing text (e.g. document titles) as markdown
 const escape = (text) => {
-	return text.split('').map(char => `\\${char}`).join('');
+	return text.split('').map(char => `&#${char.charCodeAt(0)};`).join('');
 };
 
 //001-050 : Brew errors

From 3e78b037850390b3e94a06d9021c6c1417ea7f11 Mon Sep 17 00:00:00 2001
From: Trevor Buckner 
Date: Tue, 28 Jan 2025 00:28:46 -0500
Subject: [PATCH 8/8] Remove lodash again

---
 client/homebrew/pages/errorPage/errors/errorIndex.js | 1 -
 1 file changed, 1 deletion(-)

diff --git a/client/homebrew/pages/errorPage/errors/errorIndex.js b/client/homebrew/pages/errorPage/errors/errorIndex.js
index 63cb2619f..f7614a37a 100644
--- a/client/homebrew/pages/errorPage/errors/errorIndex.js
+++ b/client/homebrew/pages/errorPage/errors/errorIndex.js
@@ -1,5 +1,4 @@
 const dedent = require('dedent-tabs').default;
-import _ from 'lodash';
 
 const loginUrl = 'https://www.naturalcrit.com/login';