Maxim Dolgolyov
be4d43105e
Node.js/Express backend + vanilla JS frontend. Features: real-time collaborative whiteboard (SSE), multi-page support, LaTeX formulas, shapes/connectors, coordinate systems, number lines, compass, zoom/pan, Catmull-Rom pencil smoothing, ruler/protractor with rotation & resize controls, minimap navigation overlay, auto-measurements, multi-page thumbnails sidebar, PNG export, page templates. Student/teacher workflows: classes, assignments, library, dashboard. Mobile responsive. SQLite (better-sqlite3). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
28 lines
788 B
JavaScript
28 lines
788 B
JavaScript
/* ── Shared input sanitization ────────────────────────────────────────── */
|
|
|
|
/**
|
|
* Strip HTML tags from a string.
|
|
* Use on user-supplied text that will be stored or rendered.
|
|
*/
|
|
function stripTags(str) {
|
|
if (typeof str !== 'string') return str;
|
|
let s = str;
|
|
let prev;
|
|
do { prev = s; s = s.replace(/<[^>]*>?/g, ''); } while (s !== prev);
|
|
return s.trim();
|
|
}
|
|
|
|
/**
|
|
* Sanitize an object's string fields in-place.
|
|
* @param {object} obj
|
|
* @param {string[]} fields — keys to sanitize
|
|
*/
|
|
function sanitizeFields(obj, fields) {
|
|
for (const f of fields) {
|
|
if (typeof obj[f] === 'string') obj[f] = stripTags(obj[f]);
|
|
}
|
|
return obj;
|
|
}
|
|
|
|
module.exports = { stripTags, sanitizeFields };
|