Fixed security breach in conversations system

assets/js/common/utils.js

@@ -290,3 +290,30 @@ function checkString(value){
 	return true;
 
 }
+
+/**
+ * Remove HTML carachters : < and >
+ * 
+ * @param {String} input The string to change
+ * @return {String} The updated string
+ */
+function removeHtmlTags(input){
+	
+	//Prepare update
+	var output = input;
+	
+	//Replace opening braces
+	while(output.includes("<")){
+		//Replace an occurence
+		output = output.replace("<", "&lt;");
+	}
+
+	//Replace closing braces
+	while(output.includes(">")){
+		//Replace an occurence
+		output = output.replace(">", "&gt;");
+	}
+	
+	//Return result
+	return output;
+}

assets/js/components/conversations/chatWindows.js

@@ -789,7 +789,7 @@ ComunicWeb.components.conversations.chatWindows = {
 		var textMessage = createElem2({
 			appendTo: messageTargetElem,
 			type: "span",
-			innerHTML: messageInfos.message,
+			innerHTML: removeHtmlTags(messageInfos.message), //Remove HTML tags
 		});
 
 		//Check if an image has to be added