From b4e97b2b7b06c2a73592c0a3591ae8e408f8730b Mon Sep 17 00:00:00 2001
From: "Cathy J. Fitzpatrick"
Date: Sun, 21 Apr 2013 00:08:40 -0700
Subject: [PATCH] Fix another XSS
---
 js/sim.js | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/js/sim.js b/js/sim.js
index 9f7c723c8..a01780536 100644
--- a/js/sim.js
+++ b/js/sim.js
@@ -1959,6 +1959,9 @@ function Lobby(id, elem) {
 for (var id in data.rooms) {
 var roomData = data.rooms[id];
 var matches = selfR.parseBattleID(id);
+ if (!matches) {
+ continue; // bogus room ID could be used to inject JavaScript
+ }
 var format = (matches ? '[' + matches[1] + ']
' : '');
 var roomDesc = format + '' + Tools.escapeHTML(roomData.p1) + ' vs. ' + Tools.escapeHTML(roomData.p2) + '';
 if (!roomData.p1) {
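Review bot: `matches[1]` is still concatenated into `format` without escaping, so after this guard the markup is safe only if `parseBattleID` rejects every ID that contains HTML metacharacters (an anchored pattern over a restricted character set), and that function is not visible in this hunk. Encoding at the sink would not depend on that: use `Tools.escapeHTML(matches[1])` here, as the next line already does for `roomData.p1` and `roomData.p2`, and escape `id` wherever the rest of the loop body, which continues outside this hunk, writes it into the markup. With the `continue` in place, the `matches ? … : ''` ternary can no longer take its empty branch and can be reduced to the plain concatenation.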