From 8080cd353bf2c00cb25ebfe9a2fa7d5f0add7a53 Mon Sep 17 00:00:00 2001 From: Holly Date: Tue, 22 Feb 2022 11:00:11 +0000 Subject: [PATCH] probably fix html injection on the janky chat page --- server/Packets/SendPublicMessage.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/Packets/SendPublicMessage.js b/server/Packets/SendPublicMessage.js index 137811f..74264f4 100644 --- a/server/Packets/SendPublicMessage.js +++ b/server/Packets/SendPublicMessage.js @@ -50,7 +50,7 @@ module.exports = function(CurrentUser, CurrentPacket) { // Write chat message to stream asociated with chat channel global.StreamsHandler.sendToStream(CurrentPacket.target, osuPacketWriter.toBuffer, CurrentUser.uuid); if (CurrentPacket.target == "#osu") - global.addChatMessage(`${CurrentUser.username}: ${CurrentPacket.message}`); + global.addChatMessage(`${CurrentUser.username}: ${CurrentPacket.message.replaceAll("<", "<").replaceAll(">", ">")}`); botCommandHandler(CurrentUser, CurrentPacket.message, CurrentPacket.target); return;