Skip to content
Permalink
Browse files

escape teaser content

  • Loading branch information
barisusakli committed Aug 16, 2017
1 parent 8ff9fe3 commit df069ee78dcfba250cebd2f120a1951e4e26a4ac
Showing with 2 additions and 0 deletions.
  1. +2 −0 src/messaging.js
@@ -3,6 +3,7 @@

var async = require('async');
var S = require('string');
var validator = require('validator');

var db = require('./database');
var user = require('./user');
@@ -211,6 +212,7 @@ Messaging.getTeaser = function (uid, roomId, callback) {
}
if (teaser.content) {
teaser.content = S(teaser.content).stripTags().decodeHTMLEntities().s;
teaser.content = validator.escape(String(teaser.content));
}

teaser.timestampISO = utils.toISOString(teaser.timestamp);

0 comments on commit df069ee

Please sign in to comment.