Commit d46b83c6025a2c319d4891372b5f1f20174d84e8

Authored by Lucas Melo
1 parent bf868501

chat.js: escape html tags in messages

ActionItem2682
Showing 1 changed file with 1 additions and 0 deletions   Show diff stats
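--- a/public/javascripts/chat.js
+++ b/public/javascripts/chat.js
@@ -99,6 +99,7 @@ jQuery(function($) {
 },
 
 render_body_message: function(body) {
+body = body.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/\r?\n/g, '<br>');
 body = $().emoticon(body);
 body = linkify(body, {
 callback: function(text, href) {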
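Review bot: The escape added on the first line of `render_body_message` covers `&`, `<` and `>` but leaves `"` and `'` untouched, and the result is then handed to `$().emoticon` and `linkify`, which build markup from it. If either helper places message text inside an attribute value (the `href` passed to the linkify callback looks like such a place, though the callback body is outside this hunk), an unescaped quote can end that attribute early. I would extend the chain with `.replace(/"/g, '&quot;').replace(/'/g, '&#39;')` ahead of the newline replacement, and add a comment such as `// escape first: everything after this line emits trusted markup` so later edits keep the ordering. The function continues past the hunk, so the final sink for `body` should be checked against the same assumption.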