feat: validate and sanitize media files #249 (Merged)
prestonlimlianjie merged 2 commits into develop from feat/validate-and-sanitize-media-files on Aug 5, 2021
Conversation
alexanderleegs approved these changes on Aug 5, 2021:
lgtm!
lamkeewei added a commit that referenced this pull request on Aug 23, 2021:
* develop: (24 commits) Refactor/collection pages refactor (#215) build(deps): bump dompurify from 2.3.0 to 2.3.1 (#264) Introduce standard issue templates (#58) build(deps): bump cookie-parser from 1.4.4 to 1.4.5 (#261) build(deps): bump path-parse from 1.0.6 to 1.0.7 (#255) build(deps-dev): bump eslint-plugin-prettier from 3.3.1 to 3.4.0 (#229) build(deps-dev): bump lint-staged from 11.0.0 to 11.1.2 (#251) build(deps): bump morgan from 1.9.1 to 1.10.0 (#228) build(deps-dev): bump eslint-plugin-import from 2.22.1 to 2.23.4 (#223) build(deps): bump moment-timezone from 0.5.31 to 0.5.33 (#221) fix: upgrade bluebird from 3.7.0 to 3.7.2 (#239) fix: upgrade http-errors from 1.6.3 to 1.8.0 (#238) fix: upgrade js-base64 from 2.5.1 to 2.6.4 (#237) build(deps): bump dotenv from 8.1.0 to 10.0.0 (#219) fix: upgrade query-string from 6.8.3 to 6.14.1 (#235) [develop] fix: update logout (#252) feat: validate and sanitize media files (#249) Fix: update path to netlify.toml (#248) fix: add helmet for security (#243) fix: upgrade dependencies (#242) ...
lamkeewei added a commit that referenced this pull request on Aug 23, 2021:
…token-middleware * feat/identity/database-models: (25 commits) feat: add github_id column to user model Refactor/collection pages refactor (#215) build(deps): bump dompurify from 2.3.0 to 2.3.1 (#264) Introduce standard issue templates (#58) build(deps): bump cookie-parser from 1.4.4 to 1.4.5 (#261) build(deps): bump path-parse from 1.0.6 to 1.0.7 (#255) build(deps-dev): bump eslint-plugin-prettier from 3.3.1 to 3.4.0 (#229) build(deps-dev): bump lint-staged from 11.0.0 to 11.1.2 (#251) build(deps): bump morgan from 1.9.1 to 1.10.0 (#228) build(deps-dev): bump eslint-plugin-import from 2.22.1 to 2.23.4 (#223) build(deps): bump moment-timezone from 0.5.31 to 0.5.33 (#221) fix: upgrade bluebird from 3.7.0 to 3.7.2 (#239) fix: upgrade http-errors from 1.6.3 to 1.8.0 (#238) fix: upgrade js-base64 from 2.5.1 to 2.6.4 (#237) build(deps): bump dotenv from 8.1.0 to 10.0.0 (#219) fix: upgrade query-string from 6.8.3 to 6.14.1 (#235) [develop] fix: update logout (#252) feat: validate and sanitize media files (#249) Fix: update path to netlify.toml (#248) fix: add helmet for security (#243) ...
lamkeewei added a commit that referenced this pull request on Aug 23, 2021:
…/email-login * feat/identity/site-token-middleware: (25 commits) feat: add github_id column to user model Refactor/collection pages refactor (#215) build(deps): bump dompurify from 2.3.0 to 2.3.1 (#264) Introduce standard issue templates (#58) build(deps): bump cookie-parser from 1.4.4 to 1.4.5 (#261) build(deps): bump path-parse from 1.0.6 to 1.0.7 (#255) build(deps-dev): bump eslint-plugin-prettier from 3.3.1 to 3.4.0 (#229) build(deps-dev): bump lint-staged from 11.0.0 to 11.1.2 (#251) build(deps): bump morgan from 1.9.1 to 1.10.0 (#228) build(deps-dev): bump eslint-plugin-import from 2.22.1 to 2.23.4 (#223) build(deps): bump moment-timezone from 0.5.31 to 0.5.33 (#221) fix: upgrade bluebird from 3.7.0 to 3.7.2 (#239) fix: upgrade http-errors from 1.6.3 to 1.8.0 (#238) fix: upgrade js-base64 from 2.5.1 to 2.6.4 (#237) build(deps): bump dotenv from 8.1.0 to 10.0.0 (#219) fix: upgrade query-string from 6.8.3 to 6.14.1 (#235) [develop] fix: update logout (#252) feat: validate and sanitize media files (#249) Fix: update path to netlify.toml (#248) fix: add helmet for security (#243) ...
harishv7 pushed a commit that referenced this pull request on Feb 17, 2023:
* feat: validate media file extension types * feat: detect and sanitize SVG
This PR adds a feature to:

- validate uploaded media files against the whitelist ["pdf","png","jpg","gif","tif","bmp","ico", "svg"]
- if the file is an svg, we sanitize its content before uploading it to GitHub

This PR can be reviewed independently of the CMS frontend PR. It partially solves https://github.com/isomerpages/isomer-product/issues/27.

Key points to take note of

file-type can detect most of the whitelisted file extensions, except for svg

We use the file-type library to determine the file extension of the uploaded file. However, the library cannot determine if the file is of type svg - the author gave the following reason:

As such, we use the is-svg library to help us detect svg files.

Added dependencies

Added development dependencies
none