Fixing DOM XSS issues, upload issues, and usability issues

2025-12-18 06:24:23 +01:00 · 2015-03-16 16:03:58 -04:00
parent 95e015abe6
commit ac83c8a576
9 changed files with 53 additions and 24 deletions
--- a/static/js/chalboard.js
+++ b/static/js/chalboard.js
@@ -9,6 +9,10 @@ String.prototype.format = String.prototype.f = function() {
    return s;
 };

+function htmlentities(string) {
+    return $('<div/>').text(string).html();
+}
+
 var challenges;

 function loadchal(id) {
@@ -149,7 +153,7 @@ function getsolves(id){
      var id = teams[i].id;
      var name = teams[i].name;
      var date = moment(teams[i].date).local().format('LLL');
-      box.append('<tr><td><a href="/team/{0}">{1}</td><td>{2}</td></tr>'.format(id, name, date));
+      box.append('<tr><td><a href="/team/{0}">{1}</td><td>{2}</td></tr>'.format(id, htmlentities(name), date));
    };
  });
 }