mirror of
https://github.com/gchq/CyberChef
synced 2025-01-19 16:04:00 +00:00
fix XSS in operation TranslateDateTimeFormat
This commit is contained in:
parent
2efd075803
commit
d9d6b7aa37
1 changed files with 18 additions and 3 deletions
|
@ -24,7 +24,8 @@ class TranslateDateTimeFormat extends Operation {
|
||||||
this.description = "Parses a datetime string in one format and re-writes it in another.<br><br>Run with no input to see the relevant format string examples.";
|
this.description = "Parses a datetime string in one format and re-writes it in another.<br><br>Run with no input to see the relevant format string examples.";
|
||||||
this.infoURL = "https://momentjs.com/docs/#/parsing/string-format/";
|
this.infoURL = "https://momentjs.com/docs/#/parsing/string-format/";
|
||||||
this.inputType = "string";
|
this.inputType = "string";
|
||||||
this.outputType = "html";
|
this.outputType = "string";
|
||||||
|
this.presentType = "html";
|
||||||
this.args = [
|
this.args = [
|
||||||
{
|
{
|
||||||
"name": "Built in formats",
|
"name": "Built in formats",
|
||||||
|
@ -53,12 +54,14 @@ class TranslateDateTimeFormat extends Operation {
|
||||||
"value": ["UTC"].concat(moment.tz.names())
|
"value": ["UTC"].concat(moment.tz.names())
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
this.invalidFormatMessage = "Invalid format.";
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param {string} input
|
* @param {string} input
|
||||||
* @param {Object[]} args
|
* @param {Object[]} args
|
||||||
* @returns {html}
|
* @returns {string}
|
||||||
*/
|
*/
|
||||||
run(input, args) {
|
run(input, args) {
|
||||||
const [inputFormat, inputTimezone, outputFormat, outputTimezone] = args.slice(1);
|
const [inputFormat, inputTimezone, outputFormat, outputTimezone] = args.slice(1);
|
||||||
|
@ -68,12 +71,24 @@ class TranslateDateTimeFormat extends Operation {
|
||||||
date = moment.tz(input, inputFormat, inputTimezone);
|
date = moment.tz(input, inputFormat, inputTimezone);
|
||||||
if (!date || date.format() === "Invalid date") throw Error;
|
if (!date || date.format() === "Invalid date") throw Error;
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
return `Invalid format.\n\n${FORMAT_EXAMPLES}`;
|
return this.invalidFormatMessage;
|
||||||
}
|
}
|
||||||
|
|
||||||
return date.tz(outputTimezone).format(outputFormat);
|
return date.tz(outputTimezone).format(outputFormat);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param {string} data
|
||||||
|
* @returns {html}
|
||||||
|
*/
|
||||||
|
present(data) {
|
||||||
|
if (data === this.invalidFormatMessage) {
|
||||||
|
return `${data}\n\n${FORMAT_EXAMPLES}`;
|
||||||
|
}
|
||||||
|
return data.replace(/&/g, "&")
|
||||||
|
.replace(/</g, "<")
|
||||||
|
.replace(/>/g, ">");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
export default TranslateDateTimeFormat;
|
export default TranslateDateTimeFormat;
|
||||||
|
|
Loading…
Reference in a new issue