plugins: sanitize user input before passing it to plugins

2015-10-16 15:13:53 -04:00 · 2015-10-16 15:13:53 -04:00 · 0afa7bc184
parent 94f5445742
commit 0afa7bc184
1 changed files with 5 additions and 3 deletions
--- a/js/plugins.js
+++ b/js/plugins.js
@ -57,7 +57,7 @@ var UrlPlugin = function(name, urlCallback) {
 * to display when messages are received.
 *
 */
-plugins.service('plugins', ['userPlugins', '$sce', function(userPlugins, $sce) {
+    plugins.service('plugins', ['userPlugins', '$sce', '$sanitize', function(userPlugins, $sce, $sanitize) {

    /*
     * Defines the plugin manager object
@ -85,7 +85,7 @@ plugins.service('plugins', ['userPlugins', '$sce', function(userPlugins, $sce) {
         */
        var contentForMessage = function(message) {
            message.metadata = [];
-
+            message.text = $sanitize(message.text);
            var addPluginContent = function(content, pluginName, num) {
                if (num) {
                    pluginName += " " + num;
@ -110,7 +110,9 @@ plugins.service('plugins', ['userPlugins', '$sce', function(userPlugins, $sce) {
                    nsfw = true;
                }

-                var pluginContent = plugins[i].contentForMessage(message.text);
+                var pluginContent = plugins[i].contentForMessage(
+                    message.text
+                );
                if (pluginContent && pluginContent !== []) {

                    if (pluginContent instanceof Array) {