
Commit de070fd

committed
prevent xss
1 parent 7df749e commit de070fd


1 file changed

+5
-1
lines changed

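--- a/src/client/scripts/Chat.js
+++ b/src/client/scripts/Chat.js
@@ -59,7 +59,11 @@ Chat = class Chat {
 }
 
 log(message) {
-$(".chat").append(`<span>${message}<br></span>`);
+const replacements = [[/&/g, "&amp;"], [/</g, "&lt;"], [/>/g, "&gt;"], [/"/g, "&quot;"]];
+for (const replacement of replacements)
+message = message.replace(replacement[0], replacement[1]);
+
+this.chatDiv.append(`<span>${message}<br></span>`);
 this.scrollToBottom(this.chatDiv);
 }
 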
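Review bot: The new `log` body still builds the chat line as an HTML string from `message`, so the protection rests entirely on the four-entry `replacements` table above `this.chatDiv.append` staying complete; it currently omits `'` (`&#39;`), which is harmless in this text-node position but makes the table unsafe to reuse anywhere an attribute is interpolated. Handing the text to the DOM directly removes the need for an escaping table at all: create the `<span>` with `document.createElement`, assign `textContent`, and append the element — both a jQuery wrapper and a native element accept a node in `append`, though which one `this.chatDiv` is cannot be seen in the hunk. That also avoids reassigning the `message` parameter inside the loop, which the project's style guidance discourages. The enclosing `Chat` class starts and ends outside the hunk.
```javascript
log(message) {
  const line = document.createElement("span");
  line.textContent = message; // text content is never parsed as markup, so no escaping table is needed
  line.appendChild(document.createElement("br"));
  this.chatDiv.append(line);
  // … unchanged: scrollToBottom call …
}
```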