Fix: XSS in chat

Ludwig Behm 2021-03-16 20:27:06 +01:00
parent b7480f1896
commit af04c1a18f


@ -151,13 +151,20 @@ export class DiscussionManager {
this.nbpParticipants.innerText = `PARTICIPANTS (${nb})`; this.nbpParticipants.innerText = `PARTICIPANTS (${nb})`;
} }
private urlify(text: string) { private escapeHtml(html: string): string {
const textReturn : HTMLSpanElement = document.createElement('span');
const text = document.createTextNode(html);
textReturn.innerText = text;
const p = document.createElement('p');
p.appendChild(text);
return p.innerHTML;
}
private urlify(text: string) : string {
const urlRegex = /(https?:\/\/[^\s]+)/g; const urlRegex = /(https?:\/\/[^\s]+)/g;
text = this.escapeHtml(text);
return text.replace(urlRegex, (url: string) => { return text.replace(urlRegex, (url: string) => {
return '<a href="' + url + '" target="_blank">' + url + '</a>'; return '<a href="' + url + '" target="_blank" style=":visited {color: white}">' + url + '</a>';
}) });
// or alternatively
// return text.replace(urlRegex, '<a href="$1">$1</a>')
} }
public addMessage(name: string, message: string, isMe: boolean = false) { public addMessage(name: string, message: string, isMe: boolean = false) {
@ -231,4 +238,4 @@ export class DiscussionManager {
} }
} }
export const discussionManager = new DiscussionManager(); export const discussionManager = new DiscussionManager();
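Review bot: The new `escapeHtml` serialises a text node through `innerHTML`, which encodes `&`, `<` and `>` but leaves `"` and `'` untouched, and `urlify` then places whatever `[^\s]+` matched inside `href="…"`. A quote inside a URL in a chat message can therefore still close the attribute, so the injection is narrowed rather than removed (assuming the caller assigns the result to `innerHTML`, which is outside this hunk). Escape quotes as well, e.g. `return p.innerHTML.replace(/"/g, '&quot;').replace(/'/g, '&#39;');`, or build the link with `document.createElement('a')` and set `href` and `textContent` instead of concatenating strings. The anchor also uses `target="_blank"` without `rel="noopener noreferrer"`. Separately, `style=":visited {color: white}"` is not valid in a style attribute and has no effect, so that rule belongs in the stylesheet.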