Merge pull request from domenukk/fixxss

+ </script> tag in username no longer breaks the page
Nick Winter 2014-05-19 15:47:57 -07:00
commit 3c3fbf3836


@ -91,8 +91,8 @@ setupFallbackRouteToIndex = (app) ->
sendMain = (req, res) ->
fs.readFile path.join(__dirname, 'public', 'main.html'), 'utf8', (err, data) ->
log.error "Error modifying main.html: #{err}" if err
# insert the user object directly into the html so the application can have it immediately
data = data.replace('"userObjectTag"', JSON.stringify(UserHandler.formatEntity(req, req.user)))
# insert the user object directly into the html so the application can have it immediately. Sanitize </script>
data = data.replace('"userObjectTag"', JSON.stringify(UserHandler.formatEntity(req, req.user)).replace('/', '\\/'))
res.send data
setupFacebookCrossDomainCommunicationRoute = (app) ->
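Review bot: The added `.replace('/', '\\/')` on the new `data = data.replace(...)` line uses a string pattern, which in JavaScript replaces only the first `/` in the serialized user object. A `</script>` that follows any earlier slash in the JSON is therefore still written into the page unescaped. A global pattern closes that gap: `.replace(/\//g, '\\/')`. Escaping `<` as well, with `.replace(/</g, '\\u003c')`, also covers `<!--` inside the inline script. Separately, the outer `data.replace('"userObjectTag"', ...)` takes the JSON as a replacement string, so `$` sequences in user-controlled fields are interpreted as replacement patterns; passing a function that returns the JSON avoids that.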