'use strict';
const safeCurl = require('../../lib/extend/safe_curl');
const INPUT_CSRF = '\r\n';
exports.injectCsrf = function injectCsrf(tmplStr) {
tmplStr = tmplStr.replace(/()([\s\S]*?)<\/form>/gi, function replaceCsrf(_, $1, $2) {
const match = $2;
if (match.indexOf('name="_csrf"') !== -1 || match.indexOf('name=\'_csrf\'') !== -1) {
return $1 + match + '';
}
return $1 + match + INPUT_CSRF;
});
return tmplStr;
};
exports.injectNonce = function injectNonce(tmplStr) {
tmplStr = tmplStr.replace(/([\s\S]*?)<\/script[^>]*?>/gi, function replaceNonce(_, $1, $2) {
if ($1.indexOf('nonce=') === -1) {
$1 += ' nonce="{{ctx.nonce}}"';
}
return '' + $2 + '';
});
return tmplStr;
};
const INJECTION_DEFENSE = '';
exports.injectHijackingDefense = function injectHijackingDefense(tmplStr) {
return INJECTION_DEFENSE + tmplStr + INJECTION_DEFENSE;
};
exports.safeCurl = safeCurl;