Fix: XSS in chat
parent
b7480f1896
commit
af04c1a18f
|
@ -151,13 +151,20 @@ export class DiscussionManager {
|
||||||
this.nbpParticipants.innerText = `PARTICIPANTS (${nb})`;
|
this.nbpParticipants.innerText = `PARTICIPANTS (${nb})`;
|
||||||
}
|
}
|
||||||
|
|
||||||
private urlify(text: string) {
|
private escapeHtml(html: string): string {
|
||||||
|
const textReturn : HTMLSpanElement = document.createElement('span');
|
||||||
|
const text = document.createTextNode(html);
|
||||||
|
textReturn.innerText = text;
|
||||||
|
const p = document.createElement('p');
|
||||||
|
p.appendChild(text);
|
||||||
|
return p.innerHTML;
|
||||||
|
}
|
||||||
|
private urlify(text: string) : string {
|
||||||
const urlRegex = /(https?:\/\/[^\s]+)/g;
|
const urlRegex = /(https?:\/\/[^\s]+)/g;
|
||||||
|
text = this.escapeHtml(text);
|
||||||
return text.replace(urlRegex, (url: string) => {
|
return text.replace(urlRegex, (url: string) => {
|
||||||
return '<a href="' + url + '" target="_blank">' + url + '</a>';
|
return '<a href="' + url + '" target="_blank" style=":visited {color: white}">' + url + '</a>';
|
||||||
})
|
});
|
||||||
// or alternatively
|
|
||||||
// return text.replace(urlRegex, '<a href="$1">$1</a>')
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public addMessage(name: string, message: string, isMe: boolean = false) {
|
public addMessage(name: string, message: string, isMe: boolean = false) {
|
||||||
|
|
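Review bot: The new `escapeHtml` neutralises `<`, `>` and `&` through text-node serialisation but leaves `"` and `'` untouched, and `urlify` then concatenates the matched URL into a double-quoted `href`; because `[^\s]+` accepts quote characters, a URL containing `"` can still terminate the attribute, so the fix is incomplete for the attribute context. Escaping quotes in the helper closes that gap: `return p.innerHTML.replace(/"/g, '&quot;').replace(/'/g, '&#39;');`. The anchor also uses `target="_blank"` without `rel="noopener noreferrer"`, and `style=":visited {color: white}"` is not valid inline CSS (a pseudo-class cannot be written in a style attribute), so it likely has no effect and belongs in a stylesheet rule. As rendered, `textReturn` is created and assigned inside `escapeHtml` but never used, which looks like leftover code worth dropping. How the string returned by `urlify` is written into the DOM lies outside this hunk, so the sink itself should be checked as well.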