mirror of
https://github.com/pierre42100/ComunicWeb
synced 2024-12-27 03:08:51 +00:00
Fixed security breach in conversations system
This commit is contained in:
parent
798e43d446
commit
6251d47ca0
@ -289,4 +289,31 @@ function checkString(value){
|
||||
//Success, the string seems to be valid
|
||||
return true;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove HTML carachters : < and >
|
||||
*
|
||||
* @param {String} input The string to change
|
||||
* @return {String} The updated string
|
||||
*/
|
||||
function removeHtmlTags(input){
|
||||
|
||||
//Prepare update
|
||||
var output = input;
|
||||
|
||||
//Replace opening braces
|
||||
while(output.includes("<")){
|
||||
//Replace an occurence
|
||||
output = output.replace("<", "<");
|
||||
}
|
||||
|
||||
//Replace closing braces
|
||||
while(output.includes(">")){
|
||||
//Replace an occurence
|
||||
output = output.replace(">", ">");
|
||||
}
|
||||
|
||||
//Return result
|
||||
return output;
|
||||
}
|
@ -789,7 +789,7 @@ ComunicWeb.components.conversations.chatWindows = {
|
||||
var textMessage = createElem2({
|
||||
appendTo: messageTargetElem,
|
||||
type: "span",
|
||||
innerHTML: messageInfos.message,
|
||||
innerHTML: removeHtmlTags(messageInfos.message), //Remove HTML tags
|
||||
});
|
||||
|
||||
//Check if an image has to be added
|
||||
|
Loading…
Reference in New Issue
Block a user