fixing sanitization syntax

player/service/plugins/routes/v1/courses.js

@@ -385,9 +385,12 @@ module.exports = {
                             }
                         }
 
-                        let courseStructureData = helpers.sanitizeXML(courseStructureDataRaw);
-                        if (courseStructureData != undefined && helpers.isPotentiallyMaliciousXML(courseStructureData)) {
-                            throw Boom.internal(`Invalid XML data provided: ${ex}`);
+                        let courseStructureData = await helpers.sanitizeXML(courseStructureDataRaw);
+                        if (courseStructureData != undefined) {
+                            let seemsOdd = await helpers.isPotentiallyMaliciousXML(courseStructureData);
+                            if (seemsOdd) {
+                                throw Boom.internal(`Invalid XML data provided: ${ex}`);
+                            }
                         }
 
                         let courseStructureDocument;

player/service/tests/xml.spec.js

@@ -7,8 +7,9 @@ const fs = require("fs");
 
 const helpers = require("../plugins/routes/lib/helpers");
 const chai = require("chai");
+const exp = require("constants");
 
-describe("Libxmljs Usage", async () => {
+describe("XML Parsing and Usage", async () => {
 
     /**
      * https://www.stackhawk.com/blog/nodejs-xml-external-entities-xxe-guide-examples-and-prevention/
@@ -22,4 +23,14 @@ describe("Libxmljs Usage", async () => {
 
         chai.expect(suspicious).to.be.equal(true, "The provided XML should have thrown a validity issue for its use of an <!ENTITY tag");
     });
+
+    it ("Sanitizes malicious characters out of the XML body", async() => {
+
+        let providedText = '\u0000Some text\u0000🎉🎉\u0000';
+        let expectedText = 'Some text';
+
+        let parsedText = await helpers.sanitizeXML(providedText);
+
+        chai.expect(parsedText).to.be.equal(expectedText, "The provided XML was not parsed into the expected text");
+    });
 });