Merge pull request #753 from accius/Chris-Sandbox

accius · web-flow · commit fbb5b9e24b1a · 2026-03-16T16:25:10.000-04:00
Chris sandbox
diff --git a/server/routes/dxpeditions.js b/server/routes/dxpeditions.js
@@ -36,14 +36,17 @@ module.exports = function (app, ctx) {
       let prev;
       do {
         prev = text;
-        text = text.replace(/<script[^>]*>[\s\S]*?<\/script>/gi, '');
+        text = text.replace(/<script[^>]*>[\s\S]*?<\/script(?:\s[^>]*)?>/gi, '');
       } while (text !== prev);
       do {
         prev = text;
-        text = text.replace(/<style[^>]*>[\s\S]*?<\/style>/gi, '');
+        text = text.replace(/<style[^>]*>[\s\S]*?<\/style(?:\s[^>]*)?>/gi, '');
       } while (text !== prev);
       // Strip any remaining opening script/style tags (malformed HTML)
-      text = text.replace(/<script[^>]*>/gi, '').replace(/<style[^>]*>/gi, '');
+      do {
+        prev = text;
+        text = text.replace(/<script[^>]*>/gi, '').replace(/<style[^>]*>/gi, '');
+      } while (text !== prev);
       text = text
         .replace(/<br\s*\/?>/gi, '\n') // Convert br to newlines
         .replace(/<[^>]+>/g, ' ') // Remove all HTML tags
diff --git a/server/routes/pskreporter.js b/server/routes/pskreporter.js
@@ -492,7 +492,7 @@ module.exports = function (app, ctx) {
         // "Connection closed" errors are expected during reconnects —
         // the on('connect') handler will re-subscribe all active callsigns
         if (err.message && err.message.includes('onnection closed')) return;
-        console.error(`[PSK-MQTT] Subscribe error for ${call}:`, err.message);
+        console.error('[PSK-MQTT] Subscribe error for %s:', call, err.message);
       }
     });
   }
@@ -504,7 +504,7 @@ module.exports = function (app, ctx) {
     pskMqtt.client.unsubscribe([txTopic, rxTopic], (err) => {
       if (err) {
         if (err.message && err.message.includes('onnection closed')) return;
-        console.error(`[PSK-MQTT] Unsubscribe error for ${call}:`, err.message);
+        console.error('[PSK-MQTT] Unsubscribe error for %s:', call, err.message);
       }
     });
   }
@@ -525,9 +525,9 @@ module.exports = function (app, ctx) {
     pskMqtt.client.subscribe([txTopic, rxTopic], { qos: 0 }, (err) => {
       if (err) {
         if (err.message && err.message.includes('onnection closed')) return;
-        console.error(`[PSK-MQTT] Grid subscribe error for ${grid}:`, err.message);
+        console.error('[PSK-MQTT] Grid subscribe error for %s:', grid, err.message);
       } else {
-        console.log(`[PSK-MQTT] Subscribed grid ${grid}`);
+        console.log('[PSK-MQTT] Subscribed grid %s', grid);
       }
     });
   }
@@ -539,7 +539,7 @@ module.exports = function (app, ctx) {
     pskMqtt.client.unsubscribe([txTopic, rxTopic], (err) => {
       if (err) {
         if (err.message && err.message.includes('onnection closed')) return;
-        console.error(`[PSK-MQTT] Grid unsubscribe error for ${grid}:`, err.message);
+        console.error('[PSK-MQTT] Grid unsubscribe error for %s:', grid, err.message);
       }
     });
   }
diff --git a/server/routes/wsjtx.js b/server/routes/wsjtx.js
@@ -481,6 +481,11 @@ module.exports = function (app, ctx) {
     // Reject dangerous msg.id values to prevent prototype pollution on state.clients
     if (msg.id && !isValidSessionId(msg.id)) return;
 
+    // Ensure clients is a prototype-less object to prevent prototype pollution
+    if (!state.clients || Object.getPrototypeOf(state.clients) !== null) {
+      state.clients = Object.assign(Object.create(null), state.clients || {});
+    }
+
     switch (msg.type) {
       case WSJTX_MSG.HEARTBEAT: {
         state.clients[msg.id] = {

Original file line number	Diff line number	Diff line change
`@@ -492,7 +492,7 @@ module.exports = function (app, ctx) {`
`492`	`492`	`// "Connection closed" errors are expected during reconnects —`
`493`	`493`	`// the on('connect') handler will re-subscribe all active callsigns`
`494`	`494`	`if (err.message && err.message.includes('onnection closed')) return;`
`495`		- console.error(`[PSK-MQTT] Subscribe error for ${call}:`, err.message);
	`495`	`+ console.error('[PSK-MQTT] Subscribe error for %s:', call, err.message);`
`496`	`496`	`}`
`497`	`497`	`});`
`498`	`498`	`}`
`@@ -504,7 +504,7 @@ module.exports = function (app, ctx) {`
`504`	`504`	`pskMqtt.client.unsubscribe([txTopic, rxTopic], (err) => {`
`505`	`505`	`if (err) {`
`506`	`506`	`if (err.message && err.message.includes('onnection closed')) return;`
`507`		- console.error(`[PSK-MQTT] Unsubscribe error for ${call}:`, err.message);
	`507`	`+ console.error('[PSK-MQTT] Unsubscribe error for %s:', call, err.message);`
`508`	`508`	`}`
`509`	`509`	`});`
`510`	`510`	`}`
`@@ -525,9 +525,9 @@ module.exports = function (app, ctx) {`
`525`	`525`	`pskMqtt.client.subscribe([txTopic, rxTopic], { qos: 0 }, (err) => {`
`526`	`526`	`if (err) {`
`527`	`527`	`if (err.message && err.message.includes('onnection closed')) return;`
`528`		- console.error(`[PSK-MQTT] Grid subscribe error for ${grid}:`, err.message);
	`528`	`+ console.error('[PSK-MQTT] Grid subscribe error for %s:', grid, err.message);`
`529`	`529`	`} else {`
`530`		- console.log(`[PSK-MQTT] Subscribed grid ${grid}`);
	`530`	`+ console.log('[PSK-MQTT] Subscribed grid %s', grid);`
`531`	`531`	`}`
`532`	`532`	`});`
`533`	`533`	`}`
`@@ -539,7 +539,7 @@ module.exports = function (app, ctx) {`
`539`	`539`	`pskMqtt.client.unsubscribe([txTopic, rxTopic], (err) => {`
`540`	`540`	`if (err) {`
`541`	`541`	`if (err.message && err.message.includes('onnection closed')) return;`
`542`		- console.error(`[PSK-MQTT] Grid unsubscribe error for ${grid}:`, err.message);
	`542`	`+ console.error('[PSK-MQTT] Grid unsubscribe error for %s:', grid, err.message);`
`543`	`543`	`}`
`544`	`544`	`});`
`545`	`545`	`}`