From 1a67c856978c5b2ff2297fc2346df681170c69d1 Mon Sep 17 00:00:00 2001
From: Shashank
Date: Wed, 3 Jul 2019 14:53:18 +0530
Subject: [PATCH] Shashank/XSS Fix
The endpoint accepts user input value directly. This resulted in an XSS vulnerability.
---
 src/indexPage/endpoint.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/indexPage/endpoint.js b/src/indexPage/endpoint.js
index 872d037d90..255edd5713 100644
--- a/src/indexPage/endpoint.js
+++ b/src/indexPage/endpoint.js
@@ -60,7 +60,7 @@ function addEndpoint(e) {
 $('#error').hide();
 $('#connected').hide();
 e.preventDefault();
- const serverUrl = $('#server_url').val();
+ const serverUrl = $('#server_url').val().replace(/[><()\/\"\']/g, '');
 const appId = $('#app_id').val();
 setStorage('config.server_url', serverUrl);
 setStorage('config.app_id', appId);
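Review bot: The character blacklist on the added `+` line strips `/` from the value, so any real server URL such as `https://host/path` is mangled before it is stored via `setStorage('config.server_url', ...)`, and a blacklist is not a reliable XSS defence either: it leaves `javascript:`, backticks, `&`, and every other vector untouched, while the actual protection belongs at the sink where `serverUrl` is rendered (use `.text()`/`textContent` rather than `.html()`/`innerHTML`; that sink is not in this hunk, so please confirm it). A safer input-side check is to parse the value with `new URL()` and accept only `http:`/`https:`, rejecting anything else rather than rewriting it, since the stored value is presumably re-read and displayed elsewhere. `addEndpoint` begins before this hunk and continues past it, so the error-display path I use below is inferred from the `$('#error').hide()` call at the top of the hunk.
```javascript
  e.preventDefault();
  const rawUrl = $('#server_url').val();
  let serverUrl;
  try {
    const parsed = new URL(rawUrl);
    // Only plain web origins are acceptable; rejects javascript:, data:, etc.
    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
      throw new Error('unsupported URL scheme');
    }
    serverUrl = parsed.href;
  } catch (err) {
    $('#error').show();
    return;
  }
  // … unchanged: appId lookup and setStorage calls …
```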