
Fixed html sanitization

1 parent b07c319 commit 274ba7320fcaec85ae4872cb810655f3888f9849 Michael Harris committed May 22, 2011
Showing with 18 additions and 3 deletions.
  1. +2 −1 client.js
  2. +16 −2 server.js
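--- a/client.js
+++ b/client.js
@@ -152,7 +152,8 @@ util = {
 inputHtml = inputHtml.toString();
 return inputHtml.replace(/&/g, "&")
 .replace(/</g, "&lt;")
-.replace(/>/g, "&gt;");
+.replace(/>/g, "&gt;")
+.replace(/\"/g, "&quot;");
 },
 //pads n with zeros on the left,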
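Review bot: The escape chain still lets a single quote through, so a value dropped into a single-quoted attribute (`title='...'`) can still break out; add `.replace(/'/g, "&#39;")` after the new `&quot;` line. As displayed, the first step `replace(/&/g, "&")` is a no-op — presumably the page rendered `&amp;` as `&`, but it is worth confirming the source really writes `"&amp;"`, since the ampersand pass must run first or later entities get un-escaped. The enclosing `toStaticHTML` function starts before this hunk, so its argument handling is not visible here.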
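--- a/server.js
+++ b/server.js
@@ -20,13 +20,27 @@ var MESSAGE_BACKLOG = 200,
 SESSION_TIMEOUT = 60 * 1000;
 var channel = new function () {
+var chanUtils = {
+toStaticHTML: function(inputHtml) {
+if (inputHtml) {
+return inputHtml.toString()
+.replace(/&/g, "&amp;")
+.replace(/</g, "&lt;")
+.replace(/>/g, "&gt;")
+.replace(/\"/g, "&quot;");
+} else {
+return null;
+}
+}
+}
+
 var messages = [],
 callbacks = [];
 this.appendMessage = function (nick, type, text) {
-var m = { nick: chanUtils.toStaticHTML(nick)
+var m = { nick: chanUtils.toStaticHTML(nick)
 , type: type // "msg", "join", "part"
-, text: text
+, text: chanUtils.toStaticHTML(text)
 , timestamp: (new Date()).getTime()
 };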
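Review bot: Escaping `nick` and `text` at ingest in `appendMessage` stores HTML-encoded strings in `messages`, while client.js keeps its own `toStaticHTML`; if the client still runs it on received messages, every `<` arrives as `&amp;lt;` and renders literally as `&lt;` — pick one layer (escaping at output is the usual choice) rather than both. The new `chanUtils.toStaticHTML` also omits the single quote; add `.replace(/'/g, "&#39;")` so the value is safe inside single-quoted attributes too. Note the `if (inputHtml)` guard turns `0` and `""` into `null`, which callers of `m.text` may not expect — hedged, since the consumers are not in this hunk. `type` is passed through unescaped; that is fine only if it is validated against the three listed values before reaching here, which this diff does not show.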

