Properly escape script inputs for shopify integration

This commit is contained in:
nicolas.dorier 2021-04-08 13:44:51 +09:00
parent 5de93f8cc4
commit cc5a388106
No known key found for this signature in database
GPG key ID: 6618763EF09186FE


@ -20,6 +20,7 @@ using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Rendering;
using Microsoft.Extensions.Options;
using Newtonsoft.Json.Linq;
using NicolasDorier.RateLimits;
@ -38,6 +39,7 @@ namespace BTCPayServer.Plugins.Shopify
private readonly StoreRepository _storeRepository;
private readonly InvoiceRepository _invoiceRepository;
private readonly InvoiceController _invoiceController;
private readonly IJsonHelper _jsonHelper;
private readonly IHttpClientFactory _clientFactory;
public ShopifyController(BTCPayServerEnvironment btcPayServerEnvironment,
@ -46,6 +48,7 @@ namespace BTCPayServer.Plugins.Shopify
StoreRepository storeRepository,
InvoiceRepository invoiceRepository,
InvoiceController invoiceController,
IJsonHelper jsonHelper,
IHttpClientFactory clientFactory)
{
_btcPayServerEnvironment = btcPayServerEnvironment;
@ -54,6 +57,7 @@ namespace BTCPayServer.Plugins.Shopify
_storeRepository = storeRepository;
_invoiceRepository = invoiceRepository;
_invoiceController = invoiceController;
_jsonHelper = jsonHelper;
_clientFactory = clientFactory;
}
public StoreData CurrentStore
@ -93,7 +97,7 @@ namespace BTCPayServer.Plugins.Shopify
public async Task<IActionResult> ShopifyJavascript(string storeId)
{
var jsFile =
$"var BTCPAYSERVER_URL = \"{Request.GetAbsoluteRoot()}\"; var STORE_ID = \"{storeId}\"; {await GetJavascript()}";
$"var BTCPAYSERVER_URL = {_jsonHelper.Serialize(Request.GetAbsoluteRoot())}; var STORE_ID = {_jsonHelper.Serialize(storeId)}; {await GetJavascript()}";
return Content(jsFile, "text/javascript");
}
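Review bot: The reason for routing both values through `_jsonHelper.Serialize` is not recorded next to the line that does it, so a later edit could easily slide back to a plain quoted interpolation; a one-line comment above the `var jsFile =` assignment would pin it: `// Serialize via IJsonHelper so the values become valid JS string literals with quotes and HTML-sensitive characters escaped (storeId comes from the route).` The serialization keeps an unusual storeId from terminating the literal, but it does not validate the host that `Request.GetAbsoluteRoot()` is presumably derived from, so the emitted BTCPAYSERVER_URL still reflects whatever host the request carried unless host filtering or a configured root URL is enforced elsewhere — worth confirming. The trailing `{await GetJavascript()}` is still concatenated unescaped, which is fine only as long as that helper returns trusted, server-side script content rather than anything user-influenced.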