forked from juice-shop/juice-shop
feedback.js
/* jslint node: true */
const insecurity = require('../lib/insecurity')
const utils = require('../lib/utils')
const challenges = require('../data/datacache').challenges
/**
 * Sequelize model factory for `Feedback`.
 *
 * Registers the model on the given Sequelize instance with two attributes,
 * `comment` and `rating`, whose setters also act as challenge detectors:
 * each stores its value and then calls `utils.solve` when a matching,
 * not-yet-solved challenge condition is met.
 *
 * @param sequelize Sequelize instance; only `define` is used here.
 * @param dataTypes Object providing the `STRING` and `INTEGER` column types
 *   (destructured in the signature).
 * @returns The defined `Feedback` model with an `associate` function attached.
 */
module.exports = (sequelize, {STRING, INTEGER}) => {
  // Free-text comment. What gets persisted is the return value of
  // insecurity.sanitizeHtml(), never the raw input.
  const commentAttribute = {
    type: STRING,
    set (comment) {
      const cleanedComment = insecurity.sanitizeHtml(comment)
      this.setDataValue('comment', cleanedComment)

      // NOTE(review): the marker is searched for in the *sanitized* value, so
      // this branch is only reachable when script markup survives
      // insecurity.sanitizeHtml(). Treat the stored comment as untrusted HTML:
      // every view that renders it must output-encode it. Presumably the weak
      // sanitization is deliberate for this training application; confirm
      // before reusing the pattern elsewhere.
      if (!utils.notSolved(challenges.persistedXssChallengeFeedback)) {
        return
      }
      if (utils.contains(cleanedComment, '<script>alert("XSS")</script>')) {
        utils.solve(challenges.persistedXssChallengeFeedback)
      }
    }
  }

  // Star rating. `allowNull: false` is the only constraint declared in this
  // file; no range check is visible here, and 0 is stored like any other value.
  const ratingAttribute = {
    type: INTEGER,
    allowNull: false,
    set (rating) {
      this.setDataValue('rating', rating)

      if (!utils.notSolved(challenges.zeroStarsChallenge)) {
        return
      }
      // Strict comparison: only the number 0 matches, not '0' or null.
      if (rating === 0) {
        utils.solve(challenges.zeroStarsChallenge)
      }
    }
  }

  const Feedback = sequelize.define('Feedback', {
    comment: commentAttribute,
    rating: ratingAttribute
  })

  // Association hook: links each feedback row to a User. Per the original
  // author's note, no FK constraint is used so that anonymous feedback posts
  // remain possible.
  Feedback.associate = (models) => {
    Feedback.belongsTo(models.User)
  }

  return Feedback
}