From 9da5336c43a171a676c3e538345911740f5f635e Mon Sep 17 00:00:00 2001
From: xangelo <me@xangelo.ca>
Date: Mon, 21 Aug 2023 16:04:33 -0400
Subject: [PATCH] fix: strip all tags in chat

---
 src/server/api.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/server/api.ts b/src/server/api.ts
index d8296fc..a0c4f45 100644
--- a/src/server/api.ts
+++ b/src/server/api.ts
@@ -416,7 +416,9 @@ app.post('/chat', authEndpoint, async (req: AuthRequest, res: Response) => {
     }
   }
   else {
-    message = broadcastMessage(req.player.username, xss(msg));
+    message = broadcastMessage(req.player.username, xss(msg, {
+      whiteList: {}
+    }));
     chatHistory.push(message);
     chatHistory.slice(-10);
   }
-- 
2.25.1