fix(FEC-12347): sanitize before Json parse (#576)

the issue: in some cases we might get "invalid" data from BE, such as: entryName: 'invalid \t name'. at some point we are evaluating the data and executing Json.parse, which then fails; such failure is causing the player to not send analytics. Description of the Changes add sanitize function before calling Json.parse to omit invalid json chars. Solves FEC-12347
kaltura · Sep 25, 2022 · 5e558ba · 5e558ba
1 parent ed67aa0
commit 5e558ba
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 1 deletion.
diff --git a/src/common/plugins/plugins-config.js b/src/common/plugins/plugins-config.js
@@ -2,9 +2,11 @@
 import {PluginConfigStore, templateRegex} from 'plugins-config-store';
 import evaluate from '../utils/evaluate';
 import {getReferrer} from '../utils/kaltura-params';
-import {Utils} from '@playkit-js/playkit-js';
+import {Utils, getLogger} from '@playkit-js/playkit-js';
 import {getServerUIConf} from '../utils/setup-helpers';
 
+const logger = getLogger('PluginsConfig');
+
 /**
  * returns whether value is evaluated
  * @private
@@ -141,6 +143,30 @@ function getEncodedReferrer(): string {
   return encodeURIComponent(referrer);
 }
 
+/**
+ * @private
+ * @param {string} text - the string to sanitize
+ * @returns {string} - the sanitized string
+ * @private
+ */
+function _sanitize(text: string): string {
+  if (!text) return '';
+  return (
+    text
+      .replace(/\\n/g, '\\n')
+      .replace(/\\'/g, "\\'")
+      .replace(/\\"/g, '\\"')
+      .replace(/\\&/g, '\\&')
+      .replace(/\\r/g, '\\r')
+      .replace(/\\t/g, '\\t')
+      .replace(/\\b/g, '\\b')
+      .replace(/\\f/g, '\\f')
+      // remove non-printable and other non-valid JSON chars
+      // eslint-disable-next-line no-control-regex
+      .replace(/[\u0000-\u0019]+/g, '')
+  );
+}
+
 /**
  *
  * @param {string} config - the config string
@@ -149,6 +175,7 @@ function getEncodedReferrer(): string {
  */
 function _formatConfigString(config: string): Object {
   let configObj;
+  config = _sanitize(config);
   try {
     configObj = JSON.parse(config, function (key) {
       try {
@@ -158,10 +185,12 @@ function _formatConfigString(config: string): Object {
       }
     });
   } catch (e) {
+    logger.error('An error occurred while formatting config string.', e);
     configObj = {};
   }
   return configObj;
 }
+
 /**
  * @param {Object} data - target config object
  * @param {Object} evaluatedConfig - the evaluated object

diff --git a/test/src/common/plugin/plugins-config.spec.js b/test/src/common/plugin/plugins-config.spec.js
@@ -132,6 +132,14 @@ describe('evaluatePluginsConfig', () => {
     pluginsConfig.kava.should.have.property('playerVersion');
     pluginsConfig.kava.playerVersion.should.equal(__VERSION__);
   });
+
+  it('should sanitize the entryName', () => {
+    playerConfig.sources = {metadata: {name: 'invalid\tname'}};
+    pluginsConfig.kava.entryName = '{{entryName}}';
+    configEvaluator.evaluatePluginsConfig(pluginsConfig, playerConfig);
+    pluginsConfig.kava.should.have.property('entryName');
+    pluginsConfig.kava.entryName.should.equal('invalidname');
+  });
 });
 
 describe('getEncodedReferrer', () => {