Fix another XSS

Cathy J. Fitzpatrick 2013-04-21 00:08:40 -07:00
parent b4ed4055b2
commit b4e97b2b7b


@ -1959,6 +1959,9 @@ function Lobby(id, elem) {
for (var id in data.rooms) {
var roomData = data.rooms[id];
var matches = selfR.parseBattleID(id);
if (!matches) {
continue; // bogus room ID could be used to inject JavaScript
}
var format = (matches ? '<small>[' + matches[1] + ']</small><br />' : '');
var roomDesc = format + '<em class="p1">' + Tools.escapeHTML(roomData.p1) + '</em> <small class="vs">vs.</small> <em class="p2">' + Tools.escapeHTML(roomData.p2) + '</em>';
if (!roomData.p1) {
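Review bot: `matches[1]` on the `format` line is still concatenated into the markup unescaped, so the fix rests entirely on how strict the pattern inside `parseBattleID` is, and that pattern is not visible in this hunk. With the new `continue` guard the `matches ? … : ''` ternary can no longer take its empty branch, so the line could become `var format = '<small>[' + Tools.escapeHTML(matches[1]) + ']</small><br />';`, which matches how `roomData.p1` and `roomData.p2` are handled on the next line. It would also help to extend the comment to say where the room `id` reaches the HTML, since that use is presumably further down the `for` body, which continues outside the hunk.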