Properly escape script inputs for shopify integration

This commit is contained in:
nicolas.dorier
2021-04-08 13:44:51 +09:00
parent 5de93f8cc4
commit cc5a388106


@@ -20,6 +20,7 @@ using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Rendering;
using Microsoft.Extensions.Options;
using Newtonsoft.Json.Linq;
using NicolasDorier.RateLimits;
@@ -38,6 +39,7 @@ namespace BTCPayServer.Plugins.Shopify
private readonly StoreRepository _storeRepository;
private readonly InvoiceRepository _invoiceRepository;
private readonly InvoiceController _invoiceController;
private readonly IJsonHelper _jsonHelper;
private readonly IHttpClientFactory _clientFactory;
public ShopifyController(BTCPayServerEnvironment btcPayServerEnvironment,
@@ -46,6 +48,7 @@ namespace BTCPayServer.Plugins.Shopify
StoreRepository storeRepository,
InvoiceRepository invoiceRepository,
InvoiceController invoiceController,
IJsonHelper jsonHelper,
IHttpClientFactory clientFactory)
{
_btcPayServerEnvironment = btcPayServerEnvironment;
@@ -54,6 +57,7 @@ namespace BTCPayServer.Plugins.Shopify
_storeRepository = storeRepository;
_invoiceRepository = invoiceRepository;
_invoiceController = invoiceController;
_jsonHelper = jsonHelper;
_clientFactory = clientFactory;
}
public StoreData CurrentStore
@@ -93,7 +97,7 @@ namespace BTCPayServer.Plugins.Shopify
public async Task<IActionResult> ShopifyJavascript(string storeId)
{
var jsFile =
$"var BTCPAYSERVER_URL = \"{Request.GetAbsoluteRoot()}\"; var STORE_ID = \"{storeId}\"; {await GetJavascript()}";
$"var BTCPAYSERVER_URL = {_jsonHelper.Serialize(Request.GetAbsoluteRoot())}; var STORE_ID = {_jsonHelper.Serialize(storeId)}; {await GetJavascript()}";
return Content(jsFile, "text/javascript");
}
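Review bot: The new `var jsFile = …` line makes `_jsonHelper.Serialize` the escaping boundary for `storeId` and the absolute root URL, but nothing in the method says so, and a later edit could silently fall back to the raw interpolation the commit removes; suggest a comment above `var jsFile =` such as `// Serialize() emits a JSON (and therefore JavaScript) string literal with quotes, backslashes and control characters escaped; never interpolate storeId or the root URL into this script unescaped.` `Serialize` returns `IHtmlContent`, so the string interpolation depends on its `ToString()` yielding the JSON text unchanged, which holds for the built-in helpers but is worth noting in case a custom `IJsonHelper` is ever registered. The third fragment, `await GetJavascript()`, is still concatenated without any escaping, which is only acceptable if that method returns trusted, non-user-controlled script; `GetJavascript` is defined outside this hunk, so that cannot be confirmed here.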