Fix DOMPurify paths.

Thanks to xet7 !
2025-12-16 07:20:12 +01:00 · 2025-10-11 00:49:43 +03:00 · 2025-10-11 00:49:43 +03:00 · 90899f0928
commit 90899f0928
parent 573d4bf2cb
9 changed files with 12 additions and 12 deletions
--- a/models/cardComments.js
+++ b/models/cardComments.js
@ -1,7 +1,7 @@
 import { ReactiveCache } from '/imports/reactiveCache';
 import escapeForRegex from 'escape-string-regexp';
 import DOMPurify from 'dompurify';
-import { sanitizeText } from '/client/lib/secureDOMPurify';
+import { sanitizeText } from '../client/lib/secureDOMPurify';

 CardComments = new Mongo.Collection('card_comments');

--- a/models/cards.js
+++ b/models/cards.js
@ -1759,7 +1759,7 @@ Cards.helpers({
    // Sanitize title on client side as well
    let sanitizedTitle = title;
    if (typeof title === 'string') {
-      const { sanitizeTitle } = require('/server/lib/inputSanitizer');
+      const { sanitizeTitle } = require('../server/lib/inputSanitizer');
      sanitizedTitle = sanitizeTitle(title);
      if (process.env.DEBUG === 'true' && sanitizedTitle !== title) {
        console.warn('Client-side sanitized card title:', title, '->', sanitizedTitle);
@ -3575,7 +3575,7 @@ JsonRoutes.add('GET', '/api/boards/:boardId/cards_count', function(
      Authentication.checkBoardAccess(req.userId, paramBoardId);

      if (req.body.title) {
-        const { sanitizeTitle } = require('/server/lib/inputSanitizer');
+        const { sanitizeTitle } = require('../server/lib/inputSanitizer');
        const newTitle = sanitizeTitle(req.body.title);

        if (process.env.DEBUG === 'true' && newTitle !== req.body.title) {
--- a/models/lists.js
+++ b/models/lists.js
@ -315,7 +315,7 @@ Lists.mutations({
  rename(title) {
    // Sanitize title on client side as well
    if (typeof title === 'string') {
-      const { sanitizeTitle } = require('/server/lib/inputSanitizer');
+      const { sanitizeTitle } = require('../server/lib/inputSanitizer');
      const sanitizedTitle = sanitizeTitle(title);
      if (process.env.DEBUG === 'true' && sanitizedTitle !== title) {
        console.warn('Client-side sanitized list title:', title, '->', sanitizedTitle);
@ -653,7 +653,7 @@ if (Meteor.isServer) {

      // Update title if provided
      if (req.body.title) {
-        const { sanitizeTitle } = require('/server/lib/inputSanitizer');
+        const { sanitizeTitle } = require('../server/lib/inputSanitizer');
        const newTitle = sanitizeTitle(req.body.title);

        if (process.env.DEBUG === 'true' && newTitle !== req.body.title) {