From f0b606c447b44bfd054d6d024a6fa048cb21ce8c Mon Sep 17 00:00:00 2001 From: Nicolas Mora Date: Fri, 8 Apr 2022 16:40:37 -0400 Subject: [PATCH] Escape message that could have been in html form t'was an example program --- .../websocket_example/static/index.html | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/example_programs/websocket_example/static/index.html b/example_programs/websocket_example/static/index.html index 86128e10..23355cfd 100644 --- a/example_programs/websocket_example/static/index.html +++ b/example_programs/websocket_example/static/index.html @@ -22,6 +22,15 @@ var mySocket = false; var curFile = false; + function escapeMessage(htmlStr) { + return htmlStr.replace(/&/g, "&") + .replace(//g, ">") + .replace(/"/g, """) + .replace(/'/g, "'"); + + } + function connectSocket(echo) { if (location.protocol === "https:") { mySocket = new WebSocket("wss://" + location.hostname + ":" + location.port + "/websocket" + (echo?"/echo":"")); @@ -32,7 +41,7 @@ if (event.data instanceof Blob) { var message = "
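Review bot: `escapeMessage` calls `.replace` directly on its argument, so a non-string value (for example `event.data` arriving as an `ArrayBuffer` if the socket's `binaryType` is ever changed) would throw inside the handler instead of being rendered; coercing first with `String(htmlStr)` keeps the helper total. Replacing `&` before the other characters is the right order and should stay that way. A short comment such as `// Escapes text for HTML element content and quoted attribute values only` would warn the next reader against reusing it for URLs or script contexts. In this rendering the rule for `<` is not visible and the entity strings appear decoded, which looks like an extraction artefact given that the diffstat counts 11 insertions, so it is worth confirming against the committed file. The stray blank line before the closing brace can go.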
Date: " + (new Date()).toLocaleString() + "

Binary message received: " + event.data.size + " bytes


" } else { - var message = "
Date: " + (new Date()).toLocaleString() + "

Text message received: " + event.data + "


" + var message = "
Date: " + (new Date()).toLocaleString() + "

Text message received: " + escapeMessage(event.data) + "


" } $("#message").append(message); }; @@ -83,7 +92,7 @@ connectSocket(false); } mySocket.send($("#sendMessage").val()); - var message = "
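Review bot: The received text is still spliced into an HTML string that is passed to `$("#message").append(message)`, so safety depends on every future field remembering to call `escapeMessage`; the same pattern is repeated for the `Message sent` line in the next hunk. Building the element and assigning the payload with jQuery's `.text()`, e.g. `$("<span>").text(event.data)`, makes the browser treat it as text and removes the need for a hand-written escaper. The enclosing message handler starts and ends outside this hunk, so any other values it inserts could not be checked from here. In the send path it would also be cleaner to read `$("#sendMessage").val()` once into a local and use it for both `send()` and the display.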
Date: " + (new Date()).toLocaleString() + "

Message sent: " + $("#sendMessage").val() + "


" + var message = "
Date: " + (new Date()).toLocaleString() + "

Message sent: " + escapeMessage($("#sendMessage").val()) + "


" $("#message").append(message); } });