Mirrors/overte-HifiExperiments
3
0
Fork 0
mirror of https://github.com/HifiExperiments/overte.git synced 2025-04-05 14:35:52 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #1078 from Armored-Dragon/fix/xss_notificationCore

Browse source 
Sanitize notificationCore text to prevent XSS
This commit is contained in:
Julian Groß 2024-09-02 13:21:45 +02:00 committed by GitHub
commit 82ac56d147
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
scripts/communityScripts/notificationCore/notificationCore.js
View file

@ -21,6 +21,8 @@ var DEFAULT_SIZE = 30;
var DEFAULT_OFFSET = 10;
var FLOOF_NOTIFICATION_CHANNEL = "Floof-Notif";
var MAIN_CHAT_APP_CHANNEL = "Chat";
var ARROW_REGEX = /\</gi;
var offset = DEFAULT_OFFSET;
@ -62,9 +64,11 @@ var notificationCore = {
},
add: function (text, sender, colour) {
sender = sender ? sender : "NoName";
sender = sender.replace(ARROW_REGEX, "&lt;");
colour = colour ? colour : {};
colour.text = colour.text ? colour.text : {red: 255, green: 255, blue: 255};
colour.bg = colour.bg ? colour.bg : {red: 10, green: 10, blue: 10};
text = text.replace(ARROW_REGEX, "&lt;");
var lines = text.split("\n");
for (var i = lines.length - 1; i >= 0; i--) {
if (i === 0) {