"socket.io-client": "^4.6.1",
"uuid": "^9.0.0",
"webpack": "^5.84.1",
- "webpack-cli": "^5.1.1"
+ "webpack-cli": "^5.1.1",
+ "xss": "^1.0.14"
},
"devDependencies": {
"@commitlint/cli": "^17.6.6",
"node": ">= 8"
}
},
+ "node_modules/cssfilter": {
+ "version": "0.0.10",
+ "resolved": "https://registry.npmjs.org/cssfilter/-/cssfilter-0.0.10.tgz",
+ "integrity": "sha512-FAaLDaplstoRsDR8XGYH51znUN0UY7nMc6Z9/fvE8EXGwvJE9hu7W2vHwx1+bd6gCYnln9nLbzxFTrcO9YQDZw=="
+ },
"node_modules/csv-parse": {
"version": "5.4.0",
"resolved": "https://registry.npmjs.org/csv-parse/-/csv-parse-5.4.0.tgz",
"resolved": "https://registry.npmjs.org/xorshift/-/xorshift-1.2.0.tgz",
"integrity": "sha512-iYgNnGyeeJ4t6U11NpA/QiKy+PXn5Aa3Azg5qkwIFz1tBLllQrjjsk9yzD7IAK0naNU4JxdeDgqW9ov4u/hc4g=="
},
+ "node_modules/xss": {
+ "version": "1.0.14",
+ "resolved": "https://registry.npmjs.org/xss/-/xss-1.0.14.tgz",
+ "integrity": "sha512-og7TEJhXvn1a7kzZGQ7ETjdQVS2UfZyTlsEdDOqvQF7GoxNfY+0YLCzBy1kPdsDDx4QuNAonQPddpsn6Xl/7sw==",
+ "dependencies": {
+ "commander": "^2.20.3",
+ "cssfilter": "0.0.10"
+ },
+ "bin": {
+ "xss": "bin/xss"
+ },
+ "engines": {
+ "node": ">= 0.10.0"
+ }
+ },
"node_modules/xtend": {
"version": "4.0.2",
"resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz",
"which": "^2.0.1"
}
},
+ "cssfilter": {
+ "version": "0.0.10",
+ "resolved": "https://registry.npmjs.org/cssfilter/-/cssfilter-0.0.10.tgz",
+ "integrity": "sha512-FAaLDaplstoRsDR8XGYH51znUN0UY7nMc6Z9/fvE8EXGwvJE9hu7W2vHwx1+bd6gCYnln9nLbzxFTrcO9YQDZw=="
+ },
"csv-parse": {
"version": "5.4.0",
"resolved": "https://registry.npmjs.org/csv-parse/-/csv-parse-5.4.0.tgz",
"resolved": "https://registry.npmjs.org/xorshift/-/xorshift-1.2.0.tgz",
"integrity": "sha512-iYgNnGyeeJ4t6U11NpA/QiKy+PXn5Aa3Azg5qkwIFz1tBLllQrjjsk9yzD7IAK0naNU4JxdeDgqW9ov4u/hc4g=="
},
+ "xss": {
+ "version": "1.0.14",
+ "resolved": "https://registry.npmjs.org/xss/-/xss-1.0.14.tgz",
+ "integrity": "sha512-og7TEJhXvn1a7kzZGQ7ETjdQVS2UfZyTlsEdDOqvQF7GoxNfY+0YLCzBy1kPdsDDx4QuNAonQPddpsn6Xl/7sw==",
+ "requires": {
+ "commander": "^2.20.3",
+ "cssfilter": "0.0.10"
+ }
+ },
"xtend": {
"version": "4.0.2",
"resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz",
import { join } from 'path';
import express, {Request, Response} from 'express';
import bodyParser from 'body-parser';
+import xss from 'xss';
import http from 'http';
import { Server, Socket } from 'socket.io';
}
}
else {
- message = broadcastMessage(req.player.username, msg);
+ message = broadcastMessage(req.player.username, xss(msg));
chatHistory.push(message);
chatHistory.slice(-10);
}
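Review bot: The sanitiser on the changed line covers only `msg`; `req.player.username` still reaches `broadcastMessage` unfiltered, so if usernames are user-chosen and the client inserts them as HTML, the same injection path remains. `broadcastMessage(xss(req.player.username), xss(msg))` would close it at this call site. The `xss` package's default whitelist also lets tags such as `a` and `img` through, so if chat is meant to be plain text, pass an empty `whiteList` option or have the client render messages as text nodes. Separately, the context line `chatHistory.slice(-10);` discards its result, so the history is never trimmed and grows with every message; `chatHistory.splice(0, chatHistory.length - 10);` would trim it in place. The enclosing handler and the preceding branch start outside the hunk, so whether they also pass raw input to `broadcastMessage` cannot be seen here.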