diff options
| author | Tyler Murphy <=> | 2023-08-21 23:43:01 -0400 |
|---|---|---|
| committer | Tyler Murphy <=> | 2023-08-21 23:43:01 -0400 |
| commit | 909d47f3316b3593a375bfb52535003c6bc9dd4b (patch) | |
| tree | 8fc633b048a7f08d0741334e4ec9e013142ea4a9 | |
| parent | dms (diff) | |
| download | xssbook-909d47f3316b3593a375bfb52535003c6bc9dd4b.tar.gz xssbook-909d47f3316b3593a375bfb52535003c6bc9dd4b.tar.bz2 xssbook-909d47f3316b3593a375bfb52535003c6bc9dd4b.zip | |
fuck you you stupid browsers stop making thing safe >:(
| -rw-r--r-- | public/js/components.js | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/public/js/components.js b/public/js/components.js index 38af787..0bf0ed1 100644 --- a/public/js/components.js +++ b/public/js/components.js @@ -330,6 +330,13 @@ export function createMultiLineInput(attributes, onSubmit) { if (event.keyCode == 13 && !event.shiftKey) { event.preventDefault() let text = area.innerHTML.trim() + .replaceAll("&", '&') + .replaceAll("<", '<') + .replaceAll(">", '>') + .replaceAll(""", '"') + .replaceAll("'", "'") + + text = text.replaceAll("\n", "<br>") if (text.length < 1) return if (await onSubmit(text)) { |