From 37f406235f8591d8302836cd5c866525e0177712 Mon Sep 17 00:00:00 2001
From: Simon Eisenmann
Date: Fri, 11 Apr 2014 18:54:35 +0200
Subject: [PATCH] Properly sanitize room names in chat.
---
 static/js/directives/chat.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/static/js/directives/chat.js b/static/js/directives/chat.js
index 58880c4a..019c8a8b 100644
--- a/static/js/directives/chat.js
+++ b/static/js/directives/chat.js
@@ -20,7 +20,7 @@
 */
 define(['underscore', 'text!partials/chat.html', 'text!partials/chatroom.html'], function(_, templateChat, templateChatroom) {
- return ["$compile", "safeDisplayName", "mediaStream", "safeApply", "desktopNotify", "translation", "playSound", "fileUpload", "randomGen", "buddyData", "$timeout", function($compile, safeDisplayName, mediaStream, safeApply, desktopNotify, translation, playSound, fileUpload, randomGen, buddyData, $timeout) {
+ return ["$compile", "safeDisplayName", "mediaStream", "safeApply", "desktopNotify", "translation", "playSound", "fileUpload", "randomGen", "buddyData", "$timeout", "$sanitize", function($compile, safeDisplayName, mediaStream, safeApply, desktopNotify, translation, playSound, fileUpload, randomGen, buddyData, $timeout, $sanitize) {
 var displayName = safeDisplayName;
 var group_chat_id = "";
@@ -421,7 +421,7 @@ define(['underscore', 'text!partials/chat.html', 'text!partials/chatroom.html'],
 scope.$on("room", function(event, room) {
 var subscope = scope.showGroupRoom(null, {restore: true, noenable: true, noactivate: true});
 if (room) {
- var msg = translation._("You are now in room %s ...", room);
+ var msg = translation._("You are now in room %s ...", $sanitize(room));
 subscope.$broadcast("display", null, $(""+msg+""));
 }
 });
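Review bot: `$sanitize(room)` in the `room` handler still returns HTML, so a room name carrying markup on ngSanitize's allow-list (links, images, formatting) is still parsed into the DOM when `msg` is concatenated into the string passed to `$(...)`. A room name is presumably user-chosen and has no need to carry markup, so treating it as text is the tighter fix: create the wrapper element first and set the message with `.text(msg)`, e.g. `subscope.$broadcast("display", null, $("<span>").text(msg));` (the `<span>` is a placeholder, since the original wrapper markup inside `$(...)` is not legible on this page). If the translated format string is expected to contain markup of its own, escape only `room` before substitution instead. The `$sanitize` injection added in the first hunk also assumes the `ngSanitize` module is registered with the app, which this patch does not show.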