2
1
mirror of https://github.com/s00500/nodeMessageBoard.git synced 2024-11-22 04:20:58 +00:00

Added html escaping

This commit is contained in:
Lukas Bachschwell 2016-03-25 11:19:56 +01:00
parent d1a2c2231d
commit 3938535404

View File

@ -31,6 +31,18 @@ function ucs2Parse(ucs2){
return returnString; return returnString;
} }
// utility function for escaping HTML tags
function escapeHtml(unsafe) {
return unsafe
.replace(/&/g, "&")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;")
.replace(/'/g, "&#039;");
}
// handle contains locations to browse to (vote and poll); pathnames. // handle contains locations to browse to (vote and poll); pathnames.
function startServer(route,handle,debug) function startServer(route,handle,debug)
@ -139,7 +151,7 @@ function serialListener(debug)
if (color == null)color = 0;//no messages yet if (color == null)color = 0;//no messages yet
color++; color++;
if(color > 4) color = 0; if(color > 4) color = 0;
var messageRecieved = ucs2Parse(data); var messageRecieved = escapeHtml(ucs2Parse(data));
db('messages').push({ numberString: numberStringRecieved,number: numberRecieved, time: timeRecieved, message: messageRecieved,color: color }); db('messages').push({ numberString: numberStringRecieved,number: numberRecieved, time: timeRecieved, message: messageRecieved,color: color });
//add a new message to the board directly //add a new message to the board directly
socketServer.emit('newMessage', timeRecieved, numberRecieved, convert(messageRecieved),color); socketServer.emit('newMessage', timeRecieved, numberRecieved, convert(messageRecieved),color);