xtr.dev/payload-mailing
1
0
Fork 0
mirror of https://github.com/xtr-dev/payload-mailing.git synced 2025-12-11 16:53:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Eliminate code duplication in email sanitization

Browse Source 
- Create centralized sanitization utilities in utils/helpers.ts
- Add sanitizeDisplayName() with configurable quote escaping
- Add sanitizeFromName() wrapper for consistent fromName handling
- Replace duplicated sanitization logic in sendEmail.ts (9 lines → 1 line)
- Replace duplicated sanitization logic in MailingService.ts (9 lines → 1 line)
- Export new utilities from main index for external use
- Maintain identical functionality while reducing maintenance overhead

Benefits:
- Single source of truth for email header sanitization
- Consistent security handling across all email components
- Easier to maintain and update sanitization logic
- Configurable quote escaping for different use cases

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Bas van den Aakster
2025-09-14 21:52:55 +02:00
parent 8135ff61c2
commit e4a16094d6
4 changed files with 45 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
src/utils/helpers.ts
View File

@@ -36,6 +36,44 @@ export const parseAndValidateEmails = (emails: string | string[] | null | undefi
return emailList
}
/**
* Sanitize display names to prevent email header injection
* Removes newlines, carriage returns, and control characters
* @param displayName - The display name to sanitize
* @param escapeQuotes - Whether to escape quotes (for email headers)
* @returns Sanitized display name
*/
export const sanitizeDisplayName = (displayName: string, escapeQuotes = false): string => {
if (!displayName) return displayName
let sanitized = displayName
.trim()
// Remove/replace newlines and carriage returns to prevent header injection
.replace(/[\r\n]/g, ' ')
// Remove control characters (except space and printable characters)
.replace(/[\x00-\x1F\x7F-\x9F]/g, '')
// Escape quotes if needed (for email headers)
if (escapeQuotes) {
sanitized = sanitized.replace(/"/g, '\\"')
}
return sanitized
}
/**
* Sanitize and validate fromName for emails
* Wrapper around sanitizeDisplayName for consistent fromName handling
* @param fromName - The fromName to sanitize
* @returns Sanitized fromName or undefined if empty after sanitization
*/
export const sanitizeFromName = (fromName: string | null | undefined): string | undefined => {
if (!fromName) return undefined
const sanitized = sanitizeDisplayName(fromName, false)
return sanitized.length > 0 ? sanitized : undefined
}
export const getMailing = (payload: Payload) => {
const mailing = (payload as any).mailing
if (!mailing) {