From 538f41cf1c11ec648040b99175714bcdb5a0fa8b Mon Sep 17 00:00:00 2001 From: Erik Michelson Date: Wed, 17 Jan 2024 13:31:24 +0100 Subject: [PATCH] fix(opengraph): treat user frontmatter values as String A bug was reported that having frontmatter fields being only numeric results in an error. This seems to be caused as the frontmatter is processed by the yaml-parser but returned with the types as given. So a numeric value is returned as a number, a "true" or "false" is returned as boolean etc. As we expect strings in the template, that resulted in an exception. This commit fixes this by treating every value as string in the template. Since we've got no other usages of opengraph data, this should not have been a security problem. Signed-off-by: Erik Michelson --- public/docs/release-notes.md | 3 +++ public/views/hedgedoc/head.ejs | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index 79c0d68f..fee0a924 100644 --- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md @@ -5,6 +5,9 @@ ### Enhancements - Add a pointer to Mermaid 9.1.7 documentation, which is what HedgeDoc 1 supports. +### Bugfixes +- Fix a crash when having numeric-only values in opengraph frontmatter + ## 1.9.9 2023-07-30 HedgeDoc has a new slogan! See [our announcement](https://community.hedgedoc.org/t/and-the-new-slogan-is/) for the details. diff --git a/public/views/hedgedoc/head.ejs b/public/views/hedgedoc/head.ejs index c2321fcc..27ecffb7 100644 --- a/public/views/hedgedoc/head.ejs +++ b/public/views/hedgedoc/head.ejs @@ -6,8 +6,8 @@ <%- include('../includes/favicon') %> <% for (var og in opengraph) { %> -<% if (opengraph.hasOwnProperty(og) && opengraph[og].trim() !== '') { %> - +<% if (opengraph.hasOwnProperty(og) && String(opengraph[og]).trim() !== '') { %> + <% }} if (!opengraph.hasOwnProperty('image')) { %>