Mirrors/CyberChef
2
0
Fork 0
mirror of https://github.com/gchq/CyberChef synced 2024-12-29 14:03:10 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix XSS in operation TranslateDateTimeFormat

Browse source
This commit is contained in:
MikeCAT 2023-03-18 00:32:06 +09:00
parent 2efd075803
commit d9d6b7aa37
1 changed files with 18 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
src/core/operations/TranslateDateTimeFormat.mjs
View file

@ -24,7 +24,8 @@ class TranslateDateTimeFormat extends Operation {
this.description = "Parses a datetime string in one format and re-writes it in another.<br><br>Run with no input to see the relevant format string examples.";
this.infoURL = "https://momentjs.com/docs/#/parsing/string-format/";
this.inputType = "string";
this.outputType = "html";
this.outputType = "string";
this.presentType = "html";
this.args = [
{
"name": "Built in formats",
@ -53,12 +54,14 @@ class TranslateDateTimeFormat extends Operation {
"value": ["UTC"].concat(moment.tz.names())
}
];
this.invalidFormatMessage = "Invalid format.";
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {html}
* @returns {string}
*/
run(input, args) {
const [inputFormat, inputTimezone, outputFormat, outputTimezone] = args.slice(1);
@ -68,12 +71,24 @@ class TranslateDateTimeFormat extends Operation {
date = moment.tz(input, inputFormat, inputTimezone);
if (!date || date.format() === "Invalid date") throw Error;
} catch (err) {
return `Invalid format.\n\n${FORMAT_EXAMPLES}`;
return this.invalidFormatMessage;
}
return date.tz(outputTimezone).format(outputFormat);
}
/**
* @param {string} data
* @returns {html}
*/
present(data) {
if (data === this.invalidFormatMessage) {
return `${data}\n\n${FORMAT_EXAMPLES}`;
}
return data.replace(/&/g, "&amp;")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;");
}
}
export default TranslateDateTimeFormat;