node-group-chat
XSS issue
If I set my name as <script>alert()</script>, it will pop up an alert, which is an XSS issue.
I wrote a function and I think it can fix the issue:
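    // Characters to encode. "&" stays first so the "&" of the entities
    // written below is not encoded again on a later iteration.
    var xssdangerous = ['&', '/', '<', '>', "'", '"', "$", "`"];

    function axss(astring) {
        for (var i = 0; i < xssdangerous.length; i++) {
            // "g" flag: replace every occurrence, not only the first.
            // The leading backslash makes each character match literally;
            // without it, "$" is the end-of-string anchor and the entity
            // is appended to every string instead of replacing "$".
            var regex = new RegExp("\\" + xssdangerous[i], "g");
            astring = astring.replace(regex, "&#" + xssdangerous[i].charCodeAt(0) + ";");
        }
        return astring;
    }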
Put it into the server.
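
An added example, not part of the original issue or the project's code: a single-pass variant of the encoder for the same eight characters, with a hypothetical `renderChatLine` helper showing the encoding applied at the point where a name and message are placed into HTML. The function names, the `<li>` markup and the sample input are assumptions.

```javascript
// Same eight characters as the list in the issue, as one character class.
// Inside [...] the "$" is a literal character, not the end-of-string anchor.
const DANGEROUS = /[&\/<>'"$`]/g;

// Single pass: every input character is inspected exactly once, so the "&"
// of an entity written here can never be encoded a second time and the
// result does not depend on the order of the characters in the class.
function escapeHtml(value) {
  // String() lets numbers or other non-string values pass through safely.
  // A callback return value is inserted literally (no "$&"-style expansion).
  return String(value).replace(DANGEROUS, (ch) => '&#' + ch.charCodeAt(0) + ';');
}

// Hypothetical server-side step (assumed markup): encode both
// user-controlled fields just before they go into the HTML that is
// sent to the other clients.
function renderChatLine(name, text) {
  return '<li><b>' + escapeHtml(name) + '</b>: ' + escapeHtml(text) + '</li>';
}

// Constructed sample input: the name from the issue and a message that
// contains "$" and "&".
const line = renderChatLine('<script>alert()</script>', 'costs $5 & up');
console.log(line);
```

Numeric entities of this kind cover HTML text and quoted attribute values; a value placed inside a script block or a URL attribute needs encoding suited to that context.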