+ more than one </script> tag in username no longer breaks the page.

(aka. Javascript never ceases to surprise me)
Dominik Maier 2014-05-21 20:12:46 +02:00
parent 2d03c3f78c
commit b95a475969


@ -92,7 +92,7 @@ sendMain = (req, res) ->
fs.readFile path.join(__dirname, 'public', 'main.html'), 'utf8', (err, data) ->
log.error "Error modifying main.html: #{err}" if err
# insert the user object directly into the html so the application can have it immediately. Sanitize </script>
data = data.replace('"userObjectTag"', JSON.stringify(UserHandler.formatEntity(req, req.user)).replace('/', '\\/'))
data = data.replace('"userObjectTag"', JSON.stringify(UserHandler.formatEntity(req, req.user)).replace(/\//g, '\\/'))
res.send data
setupFacebookCrossDomainCommunicationRoute = (app) ->
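Review bot: The new `data.replace` line still leaves two gaps for a user-chosen username. Only `/` is escaped, so sequences such as `<!--` or `<script` in the JSON still reach the HTML parser inside the inline script. The JSON is also passed as a replacement string, where patterns like `$&` and `$'` are expanded and can splice parts of main.html into the user object. Escaping the HTML-significant characters as `\uXXXX` and passing the replacement as a function covers both: `json = JSON.stringify(UserHandler.formatEntity(req, req.user)).replace(/[<>&\u2028\u2029]/g, (c) -> '\\u' + ('0000' + c.charCodeAt(0).toString(16)).slice(-4))` followed by `data = data.replace('"userObjectTag"', -> json)`. Separately, a failed `readFile` is logged but `data.replace` still runs on an undefined `data`, so return after the log; sendMain begins above the hunk.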