Sulkta-OSS/dynmap-neoforge
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #193 from mikeprimm/master

Browse source 
Properly stringify chat inputs - prevents bad JSON input, potential security exposures
This commit is contained in:
mikeprimm 2011-06-02 13:21:26 -07:00
commit b2df79eb9c
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
web/js/chat.js
View file

@ -21,7 +21,7 @@ componentconstructors['chat'] = function(dynmap, configuration) {
if (dynmap.options.allowwebchat) {
// Accepts 'sendchat'-events to send chat messages to the server.
$(dynmap).bind('sendchat', function(event, message) {
var data = '{"name":"'+ip+'","message":"'+message+'"}';
var data = '{"name":'+JSON.stringify(ip)+',"message":'+JSON.stringify(message)+'}';
$.ajax({
type: 'POST',
url: 'up/sendmessage',