xssClean function added & used by serverMessage

Replaces the 5 XSS-relevant HTML chars with their safe HTML equivalents
Matt Pass
2014-04-22 08:55:09 +01:00
parent 493950667b
commit 3926d4468c
2 changed files with 31 additions and 20 deletions


@@ -1425,7 +1425,7 @@ var ICEcoder = {
serverMessage = top.get('serverMessage');
if (message) {
serverMessage.innerHTML = message;
serverMessage.innerHTML = xssClean(message);
serverMessage.style.left = "0";
} else {
setTimeout(function() {serverMessage.style.left = "2000px";},200);
@@ -1987,6 +1987,16 @@ var ICEcoder = {
}
},
// Return safe HTML equivalents
xssClean: function(data) {
return data
.replace(/&/g, "&")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;")
.replace(/'/g, "&#039;");
},
// ==============
// TABS
// ==============
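Review bot: The new line `serverMessage.innerHTML = xssClean(message);` in the first hunk calls `xssClean` as a bare identifier, but the second hunk defines it as a property of the `ICEcoder` object literal. Unless a global of that name exists outside this view, the call throws a ReferenceError and the message is never displayed; a qualified call such as `serverMessage.innerHTML = ICEcoder.xssClean(message);` would resolve it. As rendered on this page the first replacement reads `.replace(/&/g, "&")`, which is a no-op; if the file really contains that and it is not a rendering artifact, it should be `.replace(/&/g, "&amp;")` so that entity text inside a message is shown literally instead of being decoded. Because the escaped result is plain text either way, `serverMessage.textContent = message;` would remove the need for hand-rolled escaping here, provided no caller depends on markup in the message. Both the message-handling function and the object literal extend beyond the hunks shown.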