From 08c2ec786c346662a38efb4759386ae3d4828588 Mon Sep 17 00:00:00 2001
From: Rohan Sircar
Date: Wed, 6 Nov 2019 20:50:57 +0530
Subject: [PATCH] messages are now sanitized for unsafe html/js using DOMPurify
---
 chatto/src/main/resources/static/js/chat.js | 6 +++---
 chatto/src/main/resources/templates/chat.html | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/chatto/src/main/resources/static/js/chat.js b/chatto/src/main/resources/static/js/chat.js
index 11325e7..0c0aded 100644
--- a/chatto/src/main/resources/static/js/chat.js
+++ b/chatto/src/main/resources/static/js/chat.js
@@ -125,7 +125,7 @@ function populateMessages(userName, passphrase) {
 }
 messageLogNew.push(JSON.stringify(context));
- $(chatAreaNew).append(msgContainer);
+ $(chatAreaNew).append(DOMPurify.sanitize(msgContainer));
 });
@@ -179,7 +179,7 @@ function populateMessages(userName, passphrase) {
 }
 storedMessagesNew.push(JSON.stringify(context));
- $(chatAreaNew).append(msgContainer);
+ $(chatAreaNew).append(DOMPurify.sanitize(msgContainer));
 })
 sessionStorage.setItem(userName + '-time', lastMessageTimeStamp);
@@ -219,7 +219,7 @@ function populateMessages(userName, passphrase) {
 msgContainer = msgContainerTemplate(context);
 }
- $(chatAreaNew).append(msgContainer);
+ $(chatAreaNew).append(DOMPurify.sanitize(msgContainer));
 })
diff --git a/chatto/src/main/resources/templates/chat.html b/chatto/src/main/resources/templates/chat.html
index 2ab9e8c..799a8da 100644
--- a/chatto/src/main/resources/templates/chat.html
+++ b/chatto/src/main/resources/templates/chat.html
@@ -14,6 +14,7 @@
+
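Review bot: The new `DOMPurify.sanitize(msgContainer)` call in the 125 hunk uses DOMPurify's default profile, which keeps a broad HTML subset (links, images, inline `style`, and more) — far more than a chat message needs and a larger surface than an allowlist. Because the call sanitizes the entire rendered `msgContainer`, pass a config sized to what the template actually emits, e.g. `DOMPurify.sanitize(msgContainer, { ALLOWED_TAGS: ['div', 'span', 'p', 'br', 'b', 'i'], ALLOWED_ATTR: ['class'] })`, and widen it only as the template requires. This append-site sanitization is a backstop; the primary control is still that `msgContainerTemplate` escapes the message body where it is interpolated (an unescaped/triple-stash helper there would be the actual hole), which this hunk does not show. `populateMessages` starts before and continues past the hunk.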
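Review bot: In the 179 hunk, `storedMessagesNew.push(JSON.stringify(context))` persists the raw, unsanitized `context` to sessionStorage immediately before the sanitized append, so the stored copy still carries whatever HTML the message contained. That is acceptable only if every path that re-renders from storage also passes through `DOMPurify.sanitize` (the 219 hunk may be such a path, and it is covered), and a comment at the push would keep a future reader from inserting the stored value directly: `// stored raw: anything that re-renders this must sanitize before inserting into the DOM`. Both the callback and `populateMessages` extend outside the hunk.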
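Review bot: The 219 hunk is the third identical `$(chatAreaNew).append(DOMPurify.sanitize(msgContainer))` site in this function; with three copies, any allowlist config added later will drift between them. Extract one helper so the sanitizer configuration lives in a single place, e.g. `function appendSanitized(area, html) { $(area).append(DOMPurify.sanitize(html)); }`, and call it from all three sites. Note that if the DOMPurify script fails to load, `DOMPurify` is an unresolved global and rendering throws — that is the correct fail-closed outcome for a sanitizer, so do not add a fallback that appends the raw `msgContainer`. `populateMessages` is cut at both edges of the hunk.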
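Review bot: The added line in the chat.html hunk did not survive extraction (only the `+` marker is visible), so its content cannot be checked; presumably it is the `<script>` tag that loads DOMPurify. Since that library is now the trust anchor for every rendered message, if it is fetched from a CDN the tag should pin an exact version and carry `integrity="sha384-…"` plus `crossorigin="anonymous"` so a substituted script cannot silently turn the sanitizer into a no-op; serving the file from the application's own static resources next to chat.js avoids the third-party dependency altogether. The tag must also appear before whatever triggers `populateMessages`, since chat.js resolves the `DOMPurify` global at call time.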