TheCloud/PronounsPage
1
0
Fork 0
mirror of https://gitlab.com/PronounsPage/PronounsPage.git synced 2025-09-24 05:05:20 -04:00
Code Issues Packages Projects Releases Wiki Activity

(security) improve pronunciation endpoint length check

Browse Source 
eg.: <speak><phoneme ph="sʌm ɪnˈtaɪər ˈʃeɪkspɪər tɛkst ɪn ˈaɪpiːˈeɪ"/></speak>
This commit is contained in:
Andrea Vos 2023-11-19 13:50:48 +01:00
parent bd2ac79c49
commit 5a6315ad47
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
server/routes/pronounce.js
View File

@ -31,7 +31,8 @@ router.get('/pronounce/:voice/:pronoun*', handleErrorAsync(async (req, res) => {
const text = example.pronounce(pronoun);
if (!text || text.replace(/<[^>]+>/g, '').length > 256) {
// quick length check to avoid abuse. remove SSML tags but keep both tag value and attributes
if (!text || text.replace(/<[^ ]+/g, '').replace('>', '').length > 256) {
return res.status(404).json({error: 'Not found'});
}