Sanitize multiple spaces in display names to protect against some security concerns (#5703)

author: Paul Frazee <pfrazee@gmail.com> 2024-10-10 22:14:50 -0700
committer: GitHub <noreply@github.com> 2024-10-10 22:14:50 -0700
commit: 7677bb3f0a9cc09d029dbb0ba7f7a892e25f631d (patch)
tree: e58ffee8c95e580679cda80b825463c8ba51fdad /src/lib/strings/display-names.ts
parent: a8fb8dc6b2bdb17170394075dba85e15117b805a (diff)
download: voidsky-7677bb3f0a9cc09d029dbb0ba7f7a892e25f631d.tar.zst
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/strings/display-names.ts b/src/lib/strings/display-names.ts
index e0f23fa2c..23f325512 100644
--- a/src/lib/strings/display-names.ts
+++ b/src/lib/strings/display-names.ts
@@ -7,6 +7,7 @@ import {ModerationUI} from '@atproto/api'
 const CHECK_MARKS_RE = /[\u2705\u2713\u2714\u2611]/gu
 const CONTROL_CHARS_RE =
   /[\u0000-\u001F\u007F-\u009F\u061C\u200E\u200F\u202A-\u202E\u2066-\u2069]/g
+const MULTIPLE_SPACES_RE = /[\s][\s]+/g
 
 export function sanitizeDisplayName(
   str: string,
@@ -16,7 +17,11 @@ export function sanitizeDisplayName(
     return ''
   }
   if (typeof str === 'string') {
-    return str.replace(CHECK_MARKS_RE, '').replace(CONTROL_CHARS_RE, '').trim()
+    return str
+      .replace(CHECK_MARKS_RE, '')
+      .replace(CONTROL_CHARS_RE, '')
+      .replace(MULTIPLE_SPACES_RE, ' ')
+      .trim()
   }
   return ''
 }
author	Paul Frazee <pfrazee@gmail.com>	2024-10-10 22:14:50 -0700
committer	GitHub <noreply@github.com>	2024-10-10 22:14:50 -0700
commit	7677bb3f0a9cc09d029dbb0ba7f7a892e25f631d (patch)
tree	e58ffee8c95e580679cda80b825463c8ba51fdad /src/lib/strings/display-names.ts
parent	a8fb8dc6b2bdb17170394075dba85e15117b805a (diff)
download	voidsky-7677bb3f0a9cc09d029dbb0ba7f7a892e25f631d.tar.zst