Merge pull request #964 from CVEProject/bep-revert-729

Temporarily reverts HTML stripping pending additional fixes

package.json

@@ -37,7 +37,6 @@
         "express-rate-limit": "^6.5.2",
         "express-validator": "^6.12.0",
         "helmet": "^3.21.2",
-        "html-entities": "^2.3.3",
         "jsonschema": "^1.4.0",
         "JSONStream": "^1.3.5",
         "kleur": "^4.1.4",

src/controller/org.controller/org.controller.js

@@ -9,7 +9,6 @@ const uuid = require('uuid')
 const errors = require('./error')
 const error = new errors.OrgControllerError()
 const uuidAPIKey = require('uuid-apikey')
-const decodeEntities = require('html-entities').decode
 
 /**
  *  Get the details of all orgs
@@ -244,9 +243,9 @@ async function createOrg (req, res, next) {
       const key = k.toLowerCase()
 
       if (key === 'short_name') {
-        newOrg.short_name = decodeEntities(req.ctx.body.short_name)
+        newOrg.short_name = req.ctx.body.short_name
       } else if (key === 'name') {
-        newOrg.name = decodeEntities(req.ctx.body.name)
+        newOrg.name = req.ctx.body.name
       } else if (key === 'authority') {
         if (req.ctx.body.authority.active_roles) {
           newOrg.authority.active_roles = req.ctx.body.authority.active_roles
@@ -325,10 +324,10 @@ async function updateOrg (req, res, next) {
       const key = k.toLowerCase()
 
       if (key === 'new_short_name') {
-        newOrg.short_name = decodeEntities(req.ctx.query.new_short_name)
+        newOrg.short_name = req.ctx.query.new_short_name
         agt = setAggregateOrgObj({ short_name: newOrg.short_name })
       } else if (key === 'name') {
-        newOrg.name = decodeEntities(req.ctx.query.name)
+        newOrg.name = req.ctx.query.name
       } else if (key === 'id_quota') {
         newOrg.policies.id_quota = req.ctx.query.id_quota
       } else if (key === 'active_roles.add') {
@@ -439,16 +438,16 @@ async function createUser (req, res, next) {
         }
       } else if (key === 'name') {
         if (req.ctx.body.name.first) {
-          newUser.name.first = decodeEntities(req.ctx.body.name.first)
+          newUser.name.first = req.ctx.body.name.first
         }
         if (req.ctx.body.name.last) {
-          newUser.name.last = decodeEntities(req.ctx.body.name.last)
+          newUser.name.last = req.ctx.body.name.last
         }
         if (req.ctx.body.name.middle) {
-          newUser.name.middle = decodeEntities(req.ctx.body.name.middle)
+          newUser.name.middle = req.ctx.body.name.middle
         }
         if (req.ctx.body.name.suffix) {
-          newUser.name.suffix = decodeEntities(req.ctx.body.name.suffix)
+          newUser.name.suffix = req.ctx.body.name.suffix
         }
       } else if (key === 'org_uuid') {
         return res.status(400).json(error.uuidProvided())
@@ -576,13 +575,13 @@ async function updateUser (req, res, next) {
           return res.status(403).json(error.notAllowedToChangeOrganization())
         }
       } else if (key === 'name.first') {
-        newUser.name.first = decodeEntities(req.ctx.query['name.first'])
+        newUser.name.first = req.ctx.query['name.first']
       } else if (key === 'name.last') {
-        newUser.name.last = decodeEntities(req.ctx.query['name.last'])
+        newUser.name.last = req.ctx.query['name.last']
       } else if (key === 'name.middle') {
-        newUser.name.middle = decodeEntities(req.ctx.query['name.middle'])
+        newUser.name.middle = req.ctx.query['name.middle']
       } else if (key === 'name.suffix') {
-        newUser.name.suffix = decodeEntities(req.ctx.query['name.suffix'])
+        newUser.name.suffix = req.ctx.query['name.suffix']
       } else if (key === 'active') {
         newUser.active = req.ctx.query.active
         changesRequirePrivilegedRole = true