check for array query parameter

hemati · Dec 11, 2023 · bd4fb2c · bd4fb2c
1 parent 254a77c
commit bd4fb2c
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/packages/server/src/utils/XSS.ts b/packages/server/src/utils/XSS.ts
@@ -6,8 +6,15 @@ export function sanitizeMiddleware(req: Request, res: Response, next: NextFuncti
     const decodedURI = decodeURI(req.url)
     req.url = sanitizeHtml(decodedURI)
     for (let p in req.query) {
-        req.query[p] = sanitizeHtml(req.query[p] as string)
+        if (Array.isArray(req.query[p])) {
+            const sanitizedQ = []
+            for (const q of req.query[p] as string[]) {
+                sanitizedQ.push(sanitizeHtml(q))
+            }
+            req.query[p] = sanitizedQ
+        } else {
+            req.query[p] = sanitizeHtml(req.query[p] as string)
+        }
     }
-
     next()
 }