Skip to content

Commit

Permalink
Escaping for hax0rs
Browse files Browse the repository at this point in the history
  • Loading branch information
@rauchg
rauchg committed Jul 29, 2010
1 parent 79faa40 commit 830fe23
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 3 deletions.
8 changes: 6 additions & 2 deletions example/chat.html
View file
Expand Up @@ -12,8 +12,8 @@

function message(obj){
var el = document.createElement('p');
if ('announcement' in obj) el.innerHTML = '<em>' + obj.announcement;
else if ('message' in obj) el.innerHTML = '<b>' + obj.message[0] + ':</b> ' + obj.message[1];
if ('announcement' in obj) el.innerHTML = '<em>' + esc(obj.announcement) + '</em>';
else if ('message' in obj) el.innerHTML = '<b>' + esc(obj.message[0]) + ':</b> ' + esc(obj.message[1]);
document.getElementById('chat').appendChild(el);
document.getElementById('chat').scrollTop = 1000000;
}
Expand All @@ -24,6 +24,10 @@
message({ message: ['you', val] });
document.getElementById('text').value = '';
}

function esc(msg){
return msg.replace(/</g, '&lt;').replace(/>/g, '&gt;');
};

var socket = new io.Socket(null, {rememberTransport: false, port: 8080});
socket.connect();
Expand Down
2 changes: 1 addition & 1 deletion example/client
Submodule client updated from 9ce1d7 to ad76f7

0 comments on commit 830fe23

Please sign in to comment.