Merge pull request #7037 from topcoder-platform/pm-591

hentrymartin · web-flow · commit 3a42fbf8deb3 · 2025-01-21T16:32:38.000+01:00
fix(PM-594, PM-596, PM-606): Regression fixes
diff --git a/src/server/routes/feeds.js b/src/server/routes/feeds.js
@@ -0,0 +1,63 @@
+/**
+ * The routes that expose assets and content from Contentful CMS to the CDN.
+ */
+
+import express from 'express';
+import RSS from 'rss';
+import ReactDOMServer from 'react-dom/server';
+import md from 'utils/markdown';
+import {
+  getService,
+} from '../services/contentful';
+
+const cors = require('cors');
+
+const routes = express.Router();
+
+// Enables CORS on those routes according config above
+// ToDo configure CORS for set of our trusted domains
+routes.use(cors());
+routes.options('*', cors());
+
+routes.get('/thrive', async (req, res, next) => {
+  try {
+    const data = await getService('EDU', 'master', true).queryEntries({
+      content_type: 'article',
+      limit: 20,
+      order: '-sys.createdAt',
+      include: 2,
+      'sys.firstPublishedAt[exists]': true,
+    });
+    const feed = new RSS({
+      title: 'Topcoder Thrive',
+      description: 'Tutorials And Workshops That Matter | Thrive | Topcoder',
+      feed_url: 'https://topcoder.com/api/feeds/thrive',
+      site_url: 'https://topcoder.com/thrive',
+      image_url: 'https://www.topcoder.com/wp-content/uploads/2020/05/cropped-TC-Icon-32x32.png',
+      docs: 'https://www.topcoder.com/thrive/tracks?track=Topcoder',
+      webMaster: '<kiril@wearetopcoder.com> Kiril Kartunov',
+      copyright: '2021 - today, Topcoder',
+      language: 'en',
+      categories: ['Competitive Programming', 'Data Science', 'Design', 'Development', 'QA', 'Gig work', 'Topcoder'],
+      ttl: '60',
+    });
+    if (data && data.total) {
+      data.items.forEach((entry) => {
+        feed.item({
+          title: entry.fields.title,
+          description: ReactDOMServer.renderToString(md(entry.fields.content)),
+          url: `https://topcoder.com/thrive/articles/${entry.fields.slug || encodeURIComponent(entry.fields.title)}?utm_source=thrive&utm_campaign=thrive-feed&utm_medium=rss-feed`,
+          date: entry.sys.createdAt,
+          categories: entry.fields.tags,
+          author: entry.fields.contentAuthor[0].fields.name,
+        });
+      });
+    }
+    res.set('Content-Type', 'application/rss+xml');
+    res.send(feed.xml({ indent: true }));
+  } catch (e) {
+    next(e);
+  }
+});
+
+export default routes;
diff --git a/src/server/services/recruitCRM.js b/src/server/services/recruitCRM.js
@@ -189,7 +189,7 @@ export default class RecruitCRMService {
     try {
       const sanitizedId = xss(req.params.id);
 
-      if (!/^[a-zA-Z0-9-_]{8,20}$/.test(sanitizedId)) {
+      if (!/^[a-zA-Z0-9-_]{8,23}$/.test(sanitizedId)) {
         return res.status(400).json({ error: 'Invalid job ID format.' });
       }
       const response = await fetch(`${this.private.baseUrl}/v1/jobs/${sanitizedId}`, {
diff --git a/src/shared/utils/markdown.js b/src/shared/utils/markdown.js
@@ -129,7 +129,7 @@ const customComponents = {
 };
 
 const unsafeHtmlTags = [
-  'script', 'style', 'iframe', 'object', 'embed', 'applet', 'base',
+  'script', 'iframe', 'object', 'embed', 'applet', 'base',
   'form', 'meta', 'frame', 'frameset', 'marquee', 'svg',
 ];
 

Original file line number	Diff line number	Diff line change
`@@ -189,7 +189,7 @@ export default class RecruitCRMService {`
`189`	`189`	`try {`
`190`	`190`	`const sanitizedId = xss(req.params.id);`
`191`	`191`
`192`		`- if (!/^[a-zA-Z0-9-_]{8,20}$/.test(sanitizedId)) {`
	`192`	`+ if (!/^[a-zA-Z0-9-_]{8,23}$/.test(sanitizedId)) {`
`193`	`193`	`return res.status(400).json({ error: 'Invalid job ID format.' });`
`194`	`194`	`}`
`195`	`195`	const response = await fetch(`${this.private.baseUrl}/v1/jobs/${sanitizedId}`, {