Prevent xss injection scripts

chakany · Feb 7, 2024 · 8b8e02a · 8b8e02a
1 parent 5e156f8
commit 8b8e02a
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/src/routes/[event]/+page.svelte b/src/routes/[event]/+page.svelte
@@ -106,6 +106,10 @@
 		}
 		return $nostr.postNewEvent(event)
 	}
+
+	function escapeText(text: string): string {
+		return value.toString().replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/'/g, "&#39;").replace(/"/g, "&#34;");
+	}
 </script>
 
 <svelte:head>
@@ -166,7 +170,7 @@
 	{#if data?.tags.find((t) => t[0] === "filename")[1].endsWith(".md")}
 		<SvelteMarkdown source={data.content} />
 	{:else}
-		<HighlightAuto code={data.content} let:highlighted>
+		<HighlightAuto code={(() => escapeText(data.content))()} let:highlighted>
 			<LineNumbers {highlighted} hideBorder wrapLines />
 		</HighlightAuto>
 	{/if}
@@ -180,4 +184,4 @@
 	</div>
 {:catch error}
 	<span>error</span>
-{/await}
+{/await}