fix(pages/api): escape html in send-email
parent
3e18536c2e
commit
4b7d184c91
@ -17,21 +17,19 @@ const emailTransporter = nodemailer.createTransport({
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
export default async (
|
const handler = async (
|
||||||
request: NextApiRequest,
|
request: NextApiRequest,
|
||||||
response: NextApiResponse
|
response: NextApiResponse
|
||||||
): Promise<any> => {
|
): Promise<any> => {
|
||||||
if (request.method !== 'POST') {
|
if (request.method !== 'POST') {
|
||||||
return response.redirect('/404')
|
return response.redirect('/404')
|
||||||
}
|
}
|
||||||
|
const { name, email, subject, message } = request.body as {
|
||||||
let { name, email, subject, message } = request.body as {
|
|
||||||
name: string
|
name: string
|
||||||
email: string
|
email: string
|
||||||
subject: string
|
subject: string
|
||||||
message: string
|
message: string
|
||||||
}
|
}
|
||||||
|
|
||||||
if (
|
if (
|
||||||
validator.isEmpty(name) ||
|
validator.isEmpty(name) ||
|
||||||
validator.isEmpty(email) ||
|
validator.isEmpty(email) ||
|
||||||
@ -40,26 +38,18 @@ export default async (
|
|||||||
) {
|
) {
|
||||||
return response.status(400).json({ type: 'requiredFields' })
|
return response.status(400).json({ type: 'requiredFields' })
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!validator.isEmail(email)) {
|
if (!validator.isEmail(email)) {
|
||||||
return response.status(400).json({ type: 'invalidEmail' })
|
return response.status(400).json({ type: 'invalidEmail' })
|
||||||
}
|
}
|
||||||
|
|
||||||
email = validator.normalizeEmail(email) as string
|
|
||||||
message = validator.trim(message)
|
|
||||||
message = validator.escape(message)
|
|
||||||
subject = validator.trim(subject)
|
|
||||||
subject = validator.escape(subject)
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
await emailTransporter.sendMail({
|
await emailTransporter.sendMail({
|
||||||
from: '"Divlo" <contact@divlo.fr>',
|
from: '"Divlo" <contact@divlo.fr>',
|
||||||
to: email,
|
to: email,
|
||||||
subject: `Contact - ${subject}`,
|
subject: `Contact - ${validator.escape(subject)}`,
|
||||||
html: `
|
html: `
|
||||||
<b>Name:</b> ${name} <br/>
|
<b>Name:</b> ${validator.escape(name)} <br/>
|
||||||
<b>Email:</b> ${email} <br/>
|
<b>Email:</b> ${validator.escape(email)} <br/>
|
||||||
<b>Message:</b> ${message}
|
<b>Message:</b> ${validator.escape(message)}
|
||||||
`
|
`
|
||||||
})
|
})
|
||||||
return response.status(201).json({ type: 'success' })
|
return response.status(201).json({ type: 'success' })
|
||||||
@ -67,3 +57,5 @@ export default async (
|
|||||||
return response.status(500).json({ type: 'serverError' })
|
return response.status(500).json({ type: 'serverError' })
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export default handler
|
||||||
|
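Review bot: The `subject:` line in the second hunk applies `validator.escape` to a mail header that is not HTML, so a subject containing `&`, `'`, `"` or `/` reaches the recipient with literal entities such as `&amp;`; only the `html` template needs the escape, and the header can interpolate `subject` directly (line breaks in a header value are a separate concern that entity escaping does not address, so reject CR/LF there unless nodemailer's header encoding is being relied on for that). In the first hunk, `request.body as { … }` is a type assertion rather than a check: a JSON array, object or number in any field reaches `validator.isEmpty` before the `try`, and validator.js throws on non-string input, so the route fails with an unhandled error instead of the `requiredFields` response; a guard such as `if ([name, email, subject, message].some((v) => typeof v !== 'string')) { return response.status(400).json({ type: 'requiredFields' }) }` placed before the `isEmpty` chain closes that. The handler's `Promise<any>` annotation could be replaced by typing the constant as `NextApiHandler` from `next`, which keeps the returned response values legal without `any`. The unchanged `to: email` means the message is delivered to whatever address was typed into the form, which deserves a comment on that line since it lets any visitor have site-branded mail sent to an arbitrary recipient.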