Download as
Browse Code »

Commit d46b83c6025a2c319d4891372b5f1f20174d84e8

Authored by Lucas Melo
1 parent bf868501
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

chat.js: escape html tags in messages 

ActionItem2682
Showing 1 changed file with 1 additions and 0 deletions   Show diff stats
public/javascripts/chat.js
  Diff comments   View file @d46b83c
@@ -99,6 +99,7 @@ jQuery(function($) { @@ -99,6 +99,7 @@ jQuery(function($) {
99 }, 99 },
100 100
101 render_body_message: function(body) { 101 render_body_message: function(body) {
  102 + body = body.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/\r?\n/g, '<br>');
102 body = $().emoticon(body); 103 body = $().emoticon(body);
103 body = linkify(body, { 104 body = linkify(body, {
104 callback: function(text, href) { 105 callback: function(text, href) {