sanitized user view as well

4 years ago · f19fef7c57
2 changed files with 7 additions and 3 deletions
--- a/chatto/src/main/javascript/ts/src/view/UserView.ts
+++ b/chatto/src/main/javascript/ts/src/view/UserView.ts
@ -7,6 +7,7 @@ import { TemplateFactory } from "../template/TemplateFactory";
 import { ActiveUserViewModel } from "../viewmodel/ActiveUserViewModel";
 import { ChatModel } from "../model/ChatModel";
 import log = require("loglevel");
+import * as DOMPurify from "dompurify";

 export class UserView implements Observer {
    private readonly _model: Model;
@ -30,7 +31,8 @@ export class UserView implements Observer {
        data.forEach((element: ActiveUserViewModel) => {
            html += template(element);
        });
-        this._element.innerHTML = html;
+        // this._element.innerHTML = html;
+        $(this._element).html(DOMPurify.sanitize(html));
        this.addUserCallBacks();
        console.log(this._element.innerHTML);
    }
--- a/chatto/src/main/resources/static/js/bundle.js
+++ b/chatto/src/main/resources/static/js/bundle.js