Fixed missing XSS mitigation (see #2817)

meetecho · Dec 15, 2021 · f62bba6 · f62bba6 · P0cas · Dec 15, 2021
1 parent fd589de
commit f62bba6
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/html/textroomtest.js b/html/textroomtest.js
@@ -351,7 +351,7 @@ function sendPrivateMsg(username) {
 				text: JSON.stringify(message),
 				error: function(reason) { bootbox.alert(reason); },
 				success: function() {
-					$('#chatroom').append('<p style="color: purple;">[' + getDateString() + '] <b>[whisper to ' + display + ']</b> ' + result);
+					$('#chatroom').append('<p style="color: purple;">[' + getDateString() + '] <b>[whisper to ' + display + ']</b> ' + escapeXmlTags(result));
 					$('#chatroom').get(0).scrollTop = $('#chatroom').get(0).scrollHeight;
 				}
 			});