Merge pull request #193 from mikeprimm/master

Properly stringify chat inputs - prevents bad JSON input, potential security exposures
2024-09-26 04:42:36 +02:00 · 2011-06-02 13:21:26 -07:00 · 2011-06-02 13:21:26 -07:00 · b2df79eb9c
commit b2df79eb9c
parent 07f16d1cfb 7f662b2b1a
1 changed files with 1 additions and 1 deletions
--- a/web/js/chat.js
+++ b/web/js/chat.js
@ -21,7 +21,7 @@ componentconstructors['chat'] = function(dynmap, configuration) {
 	if (dynmap.options.allowwebchat) {
 		// Accepts 'sendchat'-events to send chat messages to the server.
 		$(dynmap).bind('sendchat', function(event, message) {
-			var data = '{"name":"'+ip+'","message":"'+message+'"}';
+			var data = '{"name":'+JSON.stringify(ip)+',"message":'+JSON.stringify(message)+'}';
 			$.ajax({
 				type: 'POST',
 				url: 'up/sendmessage',