Eliminate code duplication in email sanitization

- Create centralized sanitization utilities in utils/helpers.ts
- Add sanitizeDisplayName() with configurable quote escaping
- Add sanitizeFromName() wrapper for consistent fromName handling
- Replace duplicated sanitization logic in sendEmail.ts (9 lines → 1 line)
- Replace duplicated sanitization logic in MailingService.ts (9 lines → 1 line)
- Export new utilities from main index for external use
- Maintain identical functionality while reducing maintenance overhead

Benefits:
- Single source of truth for email header sanitization
- Consistent security handling across all email components
- Easier to maintain and update sanitization logic
- Configurable quote escaping for different use cases

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-14 21:52:55 +02:00
parent 8135ff61c2
commit e4a16094d6
4 changed files with 45 additions and 19 deletions


@@ -7,6 +7,7 @@ import {
BaseEmail, BaseEmailTemplate, BaseEmailDocument, BaseEmailTemplateDocument
} from '../types/index.js'
import { serializeRichTextToHTML, serializeRichTextToText } from '../utils/richTextSerializer.js'
import { sanitizeDisplayName } from '../utils/helpers.js'
export class MailingService implements IMailingService {
public payload: Payload
@@ -44,17 +45,10 @@ export class MailingService implements IMailingService {
/**
* Sanitizes a display name for use in email headers to prevent header injection
* and ensure proper formatting
* Uses the centralized sanitization utility with quote escaping for headers
*/
private sanitizeDisplayName(name: string): string {
return name
.trim()
// Remove/replace newlines and carriage returns to prevent header injection
.replace(/[\r\n]/g, ' ')
// Remove control characters (except space and printable characters)
.replace(/[\x00-\x1F\x7F-\x9F]/g, '')
// Escape quotes to prevent malformed headers
.replace(/"/g, '\\"')
return sanitizeDisplayName(name, true) // escapeQuotes = true for email headers
}
/**
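Review bot: The delegation at `return sanitizeDisplayName(name, true)` keeps the quote escaping, but the removed chain never escaped a backslash already present in the name, so a name containing `\"` would come out as an escaped backslash followed by a bare quote and close the quoted display name early. The helper in utils/helpers.ts is outside this section, so this is inferred from the removed lines and the commit's "identical functionality" statement. If the helper carries the same chain, escape backslashes together with quotes there, e.g. `.replace(/[\\"]/g, '\\$&')` in place of `.replace(/"/g, '\\"')`, and add a test for a name containing a backslash. Separately, the private method and the imported function share the name `sanitizeDisplayName`, which reads like recursion; importing it as `sanitizeDisplayName as sanitizeDisplayNameUtil` would make the call unambiguous.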