diff --git a/bigbluebutton-html5/imports/api/common/server/helpers.js b/bigbluebutton-html5/imports/api/common/server/helpers.js
index 9cb8f66dc26d..56a414231422 100755
--- a/bigbluebutton-html5/imports/api/common/server/helpers.js
+++ b/bigbluebutton-html5/imports/api/common/server/helpers.js
@@ -1,9 +1,34 @@
import Users from '/imports/api/users';
import Logger from '/imports/startup/server/logger';
+import RegexWebUrl from '/imports/utils/regex-weburl';
const MSG_DIRECT_TYPE = 'DIRECT';
const NODE_USER = 'nodeJSapp';
+const HTML_SAFE_MAP = {
+ '<': '<',
+ '>': '>',
+ '"': '"',
+ "'": ''',
+};
+
+export const parseMessage = (message) => {
+ let parsedMessage = message || '';
+ parsedMessage = parsedMessage.trim();
+
+ // Replace
with \n\r
+ parsedMessage = parsedMessage.replace(//gi, '\n\r');
+
+ // Sanitize. See: http://shebang.brandonmintern.com/foolproof-html-escaping-in-javascript/
+ parsedMessage = parsedMessage.replace(/[<>'"]/g, (c) => HTML_SAFE_MAP[c]);
+
+ // Replace flash links to flash valid ones
+ parsedMessage = parsedMessage.replace(RegexWebUrl, "$&");
+
+ return parsedMessage;
+};
+
+
export const spokeTimeoutHandles = {};
export const clearSpokeTimeout = (meetingId, userId) => {
if (spokeTimeoutHandles[`${meetingId}-${userId}`]) {
diff --git a/bigbluebutton-html5/imports/api/group-chat-msg/server/methods/sendGroupChatMsg.js b/bigbluebutton-html5/imports/api/group-chat-msg/server/methods/sendGroupChatMsg.js
index 28593f602ffe..f4caf78df677 100644
--- a/bigbluebutton-html5/imports/api/group-chat-msg/server/methods/sendGroupChatMsg.js
+++ b/bigbluebutton-html5/imports/api/group-chat-msg/server/methods/sendGroupChatMsg.js
@@ -1,32 +1,9 @@
import { Meteor } from 'meteor/meteor';
import { check } from 'meteor/check';
import RedisPubSub from '/imports/startup/server/redis';
-import RegexWebUrl from '/imports/utils/regex-weburl';
-import { extractCredentials } from '/imports/api/common/server/helpers';
-import Logger from '/imports/startup/server/logger';
-
-const HTML_SAFE_MAP = {
- '<': '<',
- '>': '>',
- '"': '"',
- "'": ''',
-};
-
-const parseMessage = (message) => {
- let parsedMessage = message || '';
- parsedMessage = parsedMessage.trim();
-
- // Replace
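Review bot: As rendered here, the new `parseMessage` in helpers.js sanitizes nothing: `HTML_SAFE_MAP` maps each of `<`, `>`, `"`, `'` to itself, `replace(//gi, …)` opens a line comment instead of a regex, and `"$&"` wraps the URL match in nothing — this almost certainly means the entity references and anchor tags were lost when the page was extracted rather than being a defect in the commit, but it should be verified against the repository, because an identity map makes the `/[<>'"]/g` pass a no-op. Since the function is now an exported helper shared by chat and the guest lobby, it needs a JSDoc stating the contract callers rely on: the argument must be a string (`message || ''` followed by `.trim()` throws a TypeError on anything else, so callers should `check(message, String)` first), and the return value is an HTML fragment — escaped text with anchor markup inserted around each `RegexWebUrl` match — that must be rendered as HTML and never escaped a second time. The `href` built from `$&` is only as safe as `RegexWebUrl`'s scheme anchoring; that regex lives in `/imports/utils/regex-weburl` and is not visible here, so confirm it admits only http/https-style URLs and cannot match a `javascript:` form. The comment `// Replace flash links to flash valid ones` does not describe what the line does; `// Wrap bare web URLs in anchor tags` would.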
with \n\r
- parsedMessage = parsedMessage.replace(//gi, '\n\r');
- // Sanitize. See: http://shebang.brandonmintern.com/foolproof-html-escaping-in-javascript/
- parsedMessage = parsedMessage.replace(/[<>'"]/g, (c) => HTML_SAFE_MAP[c]);
-
- // Replace flash links to flash valid ones
- parsedMessage = parsedMessage.replace(RegexWebUrl, "$&");
-
- return parsedMessage;
-};
+import { extractCredentials, parseMessage } from '/imports/api/common/server/helpers';
+import Logger from '/imports/startup/server/logger';
export default function sendGroupChatMsg(chatId, message) {
const REDIS_CONFIG = Meteor.settings.private.redis;
diff --git a/bigbluebutton-html5/imports/api/group-chat-msg/server/modifiers/addBulkGroupChatMsgs.js b/bigbluebutton-html5/imports/api/group-chat-msg/server/modifiers/addBulkGroupChatMsgs.js
index 372bfa003469..262e3a3f7b80 100644
--- a/bigbluebutton-html5/imports/api/group-chat-msg/server/modifiers/addBulkGroupChatMsgs.js
+++ b/bigbluebutton-html5/imports/api/group-chat-msg/server/modifiers/addBulkGroupChatMsgs.js
@@ -2,7 +2,7 @@ import { GroupChatMsg } from '/imports/api/group-chat-msg';
import GroupChat from '/imports/api/group-chat';
import Logger from '/imports/startup/server/logger';
import flat from 'flat';
-import { parseMessage } from './addGroupChatMsg';
+import { parseMessage } from '/imports/api/common/server/helpers';
export default async function addBulkGroupChatMsgs(msgs) {
if (!msgs.length) return;
diff --git a/bigbluebutton-html5/imports/api/guest-users/server/methods/setGuestLobbyMessage.js b/bigbluebutton-html5/imports/api/guest-users/server/methods/setGuestLobbyMessage.js
index d3c8f6b0e6d4..544de8c85cca 100644
--- a/bigbluebutton-html5/imports/api/guest-users/server/methods/setGuestLobbyMessage.js
+++ b/bigbluebutton-html5/imports/api/guest-users/server/methods/setGuestLobbyMessage.js
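Review bot: The removed import `import { parseMessage } from './addGroupChatMsg';` in addBulkGroupChatMsgs.js shows that addGroupChatMsg.js exported its own `parseMessage`, yet this commit does not touch that file, so a second sanitizer implementation likely still exists there alongside the one now in helpers.js. Two copies of an HTML-escaping routine are a drift risk — a fix to one (for example a missing entity in the escape map) silently leaves the other path unsanitized. If addGroupChatMsg.js still defines it, delete that copy and import from `/imports/api/common/server/helpers` there as well, so chat, bulk import and the guest lobby all go through one function.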
@@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor';
import { check } from 'meteor/check';
import RedisPubSub from '/imports/startup/server/redis';
import Logger from '/imports/startup/server/logger';
-import { extractCredentials } from '/imports/api/common/server/helpers';
+import { extractCredentials, parseMessage } from '/imports/api/common/server/helpers';
const REDIS_CONFIG = Meteor.settings.private.redis;
const CHANNEL = REDIS_CONFIG.channels.toAkkaApps;
@@ -16,8 +16,7 @@ export default function setGuestLobbyMessage(message) {
check(meetingId, String);
check(requesterUserId, String);
-
- const payload = { message };
+ const payload = { message: parseMessage(message) };
Logger.info(`User=${requesterUserId} set guest lobby message to ${message}`);
diff --git a/bigbluebutton-html5/imports/api/guest-users/server/methods/setPrivateGuestLobbyMessage.js b/bigbluebutton-html5/imports/api/guest-users/server/methods/setPrivateGuestLobbyMessage.js
index 425c8c62549b..72aad7014395 100644
--- a/bigbluebutton-html5/imports/api/guest-users/server/methods/setPrivateGuestLobbyMessage.js
+++ b/bigbluebutton-html5/imports/api/guest-users/server/methods/setPrivateGuestLobbyMessage.js
@@ -2,7 +2,8 @@ import { Meteor } from 'meteor/meteor';
import { check } from 'meteor/check';
import RedisPubSub from '/imports/startup/server/redis';
import Logger from '/imports/startup/server/logger';
-import { extractCredentials } from '/imports/api/common/server/helpers';
+import { extractCredentials, parseMessage } from '/imports/api/common/server/helpers';
+
const REDIS_CONFIG = Meteor.settings.private.redis;
const CHANNEL = REDIS_CONFIG.channels.toAkkaApps;
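Review bot: In the setGuestLobbyMessage hunk the `Logger.info` line still interpolates the raw client-supplied `message` while the payload now carries `parseMessage(message)`, so the log records text the guests never see, and because nothing strips control characters a message containing newlines can forge extra log lines. Bind the parsed value once and log it encoded: `const parsedMessage = parseMessage(message);`, `const payload = { message: parsedMessage };`, and in the log line replace `${message}` with `${JSON.stringify(parsedMessage)}`. The visible `check` calls cover only the credentials; unless `message` is validated above the hunk, add `check(message, String);` beside them so a non-string argument fails as a Match.Error rather than as a TypeError inside `.trim()`. Note also that `parseMessage` emits anchor markup around URLs, so this is only correct if the lobby UI renders the field as HTML the way chat does — confirm against the client. The function body starts and ends outside the hunk.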
@@ -17,7 +18,7 @@ export default function setPrivateGuestLobbyMessage(message, guestId) {
check(meetingId, String);
check(requesterUserId, String);
- const payload = { guestId, message };
+ const payload = { guestId, message: parseMessage(message) };
Logger.info(`User=${requesterUserId} sent a private guest lobby message to guest user=${guestId}`);
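Review bot: Only the credentials are `check`ed in the visible lines of setPrivateGuestLobbyMessage; `guestId` goes into the payload and the log line untouched, and `message` reaches `parseMessage` unvalidated. Unless it happens above the hunk, add `check(guestId, String);` and `check(message, String);` next to the existing two so a malformed client argument fails as a Match.Error before the Redis publish instead of as a TypeError in `.trim()`. Whether the requester is allowed to address this particular guest is not checked here and is presumably enforced downstream in akka-apps; a one-line comment saying so would spare the next reader a search. The function body continues past the hunk.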