manifold/common/util/clean-username.ts
Marshall Polaris 1075fec53f
Clean up unclean user names ()
* Clean the user's display name on update.

The user's display name should always be clean (see for example
functions/src/create-user.ts). However, change-user-info.ts does not
enforce this, thus potentially allowing a malicious user to change their
name to something that doesn't satisfy the rules for clean display
names.

Note: this cannot happen currently because all callers (in profile.tsx)
clean the name. However, doing it here is good defense in depth
(similar to how the userName is cleaned).

* Update display name max length to 30

* Add a script to hunt down too-long display names

* Make util.isProd a function

* Don't access admin.firestore() on top level of utils.ts

Co-authored-by: Jonas Wagner <ltlygwayh@gmail.com>
2022-06-18 14:31:39 -07:00

13 lines
537 B
TypeScript

export const cleanUsername = (name: string, maxLength = 25) => {
return name
.replace(/\s+/g, '')
.normalize('NFD') // split an accented letter in the base letter and the acent
.replace(/[\u0300-\u036f]/g, '') // remove all previously split accents
.replace(/[^A-Za-z0-9_]/g, '') // remove all chars not letters, numbers and underscores
.substring(0, maxLength)
}
export const cleanDisplayName = (displayName: string, maxLength = 30) => {
return displayName.replace(/\s+/g, ' ').substring(0, maxLength).trim()
}