messages are now sanitized for unsafe html/js using DOMPurify

Rohan Sircar 2019-11-06 20:50:57 +05:30
parent 14843cd8f0
commit 08c2ec786c
2 changed files with 4 additions and 3 deletions


@ -125,7 +125,7 @@ function populateMessages(userName, passphrase) {
}
messageLogNew.push(JSON.stringify(context));
$(chatAreaNew).append(msgContainer);
$(chatAreaNew).append(DOMPurify.sanitize(msgContainer));
});
@ -179,7 +179,7 @@ function populateMessages(userName, passphrase) {
}
storedMessagesNew.push(JSON.stringify(context));
$(chatAreaNew).append(msgContainer);
$(chatAreaNew).append(DOMPurify.sanitize(msgContainer));
})
sessionStorage.setItem(userName + '-time', lastMessageTimeStamp);
@ -219,7 +219,7 @@ function populateMessages(userName, passphrase) {
msgContainer = msgContainerTemplate(context);
}
$(chatAreaNew).append(msgContainer);
$(chatAreaNew).append(DOMPurify.sanitize(msgContainer));
})
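Review bot: The sanitising call is pasted at three separate `$(chatAreaNew).append(...)` sites in `populateMessages`, so an append added later can skip it without anyone noticing; a single helper such as `function appendSanitized(area, html) { $(area).append(DOMPurify.sanitize(html)); }` used at all three sites would make the safe path the only path. `DOMPurify.sanitize` returns a string here, which jQuery then parses a second time; passing `{RETURN_DOM_FRAGMENT: true}` hands `.append()` already-built nodes and avoids that re-parse. In the first two hunks the unsanitised `context` is still pushed to `messageLogNew` / `storedMessagesNew`, so any other code that renders from those arrays presumably needs the same treatment, though that code is not visible here. `populateMessages` begins and ends outside these hunks.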


@ -14,6 +14,7 @@
<link rel="stylesheet" th:href="@{/css/chat.css}" href="../static/css/chat.css">
<script src="https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.4.2/handlebars.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.0.3/purify.js"></script>
<!-- <script th:src="@{js/my_Crypto.js}" type="text/javascript"></script> -->
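Review bot: The added DOMPurify `<script>` tag pulls the sanitizer from cdnjs with no `integrity` attribute, so the library that is now the page's XSS defence is itself executed without any check that it is the file you reviewed. Since the URL is already pinned to 2.0.3, add Subresource Integrity to it, e.g. `integrity="sha384-<HASH_OF_THE_PINNED_FILE>" crossorigin="anonymous"` (placeholder hash, to be computed from the pinned file), or serve a vendored copy from the app's own static files via `th:src`. The handlebars tag on the line above has the same gap. A pinned sanitizer also needs an owner for upgrades, because fixes to sanitizer bypasses only arrive in newer releases.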