patched xss hole with messages not setting the content type correctly
@@ -25,4 +25,5 @@ module.exports =
|
||||
logger.err err:err, query:query, "problem getting messages from chat api"
|
||||
return res.send 500
|
||||
logger.log length:messages?.length, "sending messages to client"
|
||||
res.set 'Content-Type', 'application/json'
|
||||
res.send messages
|
||||
|
||||
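Review bot: The new `res.set 'Content-Type', 'application/json'` stops the body being served as HTML, but nothing tells the browser not to sniff the type, so I would add `res.set 'X-Content-Type-Options', 'nosniff'` next to it. The fix also suggests that `messages` reaches `res.send` as a raw string rather than a parsed object (if this is Express, an object would already be sent as JSON), which deserves a comment such as `# chat-api body is passed through as-is; force JSON so user content is never rendered as HTML`. If it is in fact an object, `res.json messages` would state the intent in one call. The handler starts above this hunk, so where `messages` comes from is not visible here.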
@@ -33,7 +33,8 @@ describe "ChatController", ->
|
||||
_id:@user_id
|
||||
body:
|
||||
content:@messageContent
|
||||
@res = {}
|
||||
@res =
|
||||
set:sinon.stub()
|
||||
|
||||
describe "sendMessage", ->
|
||||
|
||||
@@ -69,6 +70,7 @@ describe "ChatController", ->
|
||||
messages = [{content:"hello"}]
|
||||
@ChatHandler.getMessages.callsArgWith(2, null, messages)
|
||||
@res.send = (sentMessages)=>
|
||||
@res.set.calledWith('Content-Type', 'application/json').should.equal true
|
||||
sentMessages.should.deep.equal messages
|
||||
done()
|
||||
@ChatController.getMessages @req, @res
|
||||
|
||||
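Review bot: The Content-Type check at `@res.set.calledWith('Content-Type', 'application/json').should.equal true` is folded into an existing case whose `it` line lies outside this hunk, so a regression of the XSS fix would show up under a test name that presumably does not mention it. A dedicated case, for example `it "should send the messages as application/json", (done)->`, would keep the security property visible in the test report. The fixture `[{content:"hello"}]` is also an array with harmless content; if the controller really receives a string body from the chat API, a fixture of that shape containing markup-like text would match the case the commit is fixing.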