From 6c852a849ae5c5375ba8ac0207c8c86e8bf0c148 Mon Sep 17 00:00:00 2001
From: PangeaCake
Date: Wed, 21 Jan 2015 19:04:01 -0800
Subject: [PATCH] Prevent HTML injection through /topic!!!! Really big security issue here.
---
 src/plugins/irc-events/topic.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/plugins/irc-events/topic.js b/src/plugins/irc-events/topic.js
index 9814b1a6..779360bd 100644
--- a/src/plugins/irc-events/topic.js
+++ b/src/plugins/irc-events/topic.js
@@ -29,7 +29,7 @@ module.exports = function(irc, network) {
 chan.topic = topic
 client.emit("topic", {
 chan: chan.id,
- topic: topic
+ topic: _.escape(topic)
 });
 });
 };
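Review bot: The raw topic is still stored by `chan.topic = topic` on the context line just above the escaped emit, so only this one event payload is encoded. If the channel object is serialized to clients on any other path (for example as part of the initial state on connect, which is not visible in this hunk), the unescaped topic may still reach the same HTML sink. Consider encoding at the point of rendering in the client template, or at minimum recording the invariant next to the assignment with `// topic is untrusted IRC input: HTML-escape it at every place it is sent or rendered`. The handler begins above the hunk, so whether `_` is already required in this file cannot be confirmed from here.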