
Update messages_controller.rb

refs #6: fix XSS vulnerability — thanks to @stweigand and @MoD01!
emirn committed Dec 22, 2016
1 parent 03fdad1 commit c41842700e5d42f67329abcf6026b7d8e91d380e
Showing with 1 addition and 0 deletions.
  1. +1 −0 app/controllers/messages_controller.rb
@@ -15,6 +15,7 @@ def create
#battery_charge_discharge(current_user, "send_message")
body = params[:message][:body]
body = body.gsub(/(?:f|ht)tps?:\/[^\s]+/, t("link_removed")).gsub(/<script.*?>[\s\S]*<\/script>/i, "").gsub(/<("[^"]*"|'[^']*'|[^'">])*>/, "")
params[:message][:body] = body
params[:message][:sender_id] = current_user.id
@sender_message = @message = Message.create(message_params)
@sender = @sender_message.sender
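Review bot: The regex-based tag stripping on the new `body = body.gsub(...)` line is not a reliable XSS defence: the last pattern only removes complete `<...>` sequences, so an unterminated tag such as `<img src=x onerror=alert(1)` (no closing `>`) survives and browsers still render it, and the greedy `[\s\S]*` between `<script` and the final `</script>` also deletes any legitimate text sitting between two script blocks. Rails ships an HTML-parser-based sanitizer (rails-html-sanitizer / Loofah), so replacing the two tag gsubs with `Rails::Html::FullSanitizer.new.sanitize(body)` (or `ActionController::Base.helpers.strip_tags(body)`) would be the more robust option, and whichever view renders `body` should still escape it on output (no `raw`/`html_safe`) regardless of what is stored. The same line also calls `gsub` on `params[:message][:body]` unguarded, so a request that omits `body` raises NoMethodError instead of a validation error; `body = params.dig(:message, :body).to_s` would avoid that. The enclosing `create` action begins before and ends after this hunk.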
