2fd3c2cf43
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
26 lines
1.1 KiB
Diff
26 lines
1.1 KiB
Diff
From f62bba6513ec840761f2434b93168106c7c65a3d Mon Sep 17 00:00:00 2001
|
|
From: Lorenzo Miniero <lminiero@gmail.com>
|
|
Date: Wed, 15 Dec 2021 14:10:01 +0100
|
|
Subject: [PATCH] Fixed missing XSS mitigation (see #2817)
|
|
|
|
[Retrieved from:
|
|
https://github.com/meetecho/janus-gateway/commit/f62bba6513ec840761f2434b93168106c7c65a3d]
|
|
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
|
---
|
|
html/textroomtest.js | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/html/textroomtest.js b/html/textroomtest.js
|
|
index bf95a260a..7d5ae832c 100644
|
|
--- a/html/textroomtest.js
|
|
+++ b/html/textroomtest.js
|
|
@@ -351,7 +351,7 @@ function sendPrivateMsg(username) {
|
|
text: JSON.stringify(message),
|
|
error: function(reason) { bootbox.alert(reason); },
|
|
success: function() {
|
|
- $('#chatroom').append('<p style="color: purple;">[' + getDateString() + '] <b>[whisper to ' + display + ']</b> ' + result);
|
|
+ $('#chatroom').append('<p style="color: purple;">[' + getDateString() + '] <b>[whisper to ' + display + ']</b> ' + escapeXmlTags(result));
|
|
$('#chatroom').get(0).scrollTop = $('#chatroom').get(0).scrollHeight;
|
|
}
|
|
});
|