From 4b61f0a904caaf639caeb38cfc6f72cc757ab8c8 Mon Sep 17 00:00:00 2001
From: jrizzle4shizzle
Date: Fri, 23 Apr 2021 20:41:12 +0100
Subject: [PATCH] Sanitizing user input strings

Character and player names are end-user controlled, and can contain invalid characters that will cause the API to crash.
---
 TurnMarker1/TurnMarker1.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/TurnMarker1/TurnMarker1.js b/TurnMarker1/TurnMarker1.js
index a11caa2..0bbe2da 100644
--- a/TurnMarker1/TurnMarker1.js
+++ b/TurnMarker1/TurnMarker1.js
@@ -532,7 +532,7 @@ var TurnMarker = TurnMarker || (function(){
 'text-decoration: underline;'+
 'font-size: 130%;' +
 '\'>'+
- previousToken.get('name')+
+ previousToken.get('name').replace(/[^a-z0-9áéíóúñü \.,_-]/gim,"").trim()+
 '\'s turn is done.';
 }
@@ -543,7 +543,7 @@ var TurnMarker = TurnMarker || (function(){
 'text-decoration: underline;'+
 'font-size: 130%;'+
 '\'>'+
- currentToken.get('name')+
+ currentToken.get('name').replace(/[^a-z0-9áéíóúñü \.,_-]/gim,"").trim()+
 ', it\'s now your turn!';
 }
@@ -577,7 +577,7 @@ var TurnMarker = TurnMarker || (function(){
 var player=getObj('player',c);
 if(player) {
 var PlayerColor=player.get('color');
- var PlayerName=player.get('displayname');
+ var PlayerName=player.get('displayname').replace(/[^a-z0-9áéíóúñü \.,_-]/gim,"").trim();
 PlayerAnnounceExtra+='
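Review bot: The allowlist `replace(/[^a-z0-9áéíóúñü \.,_-]/gim,"").trim()` is pasted verbatim on the `previousToken.get('name')` line of the first hunk, the `currentToken.get('name')` line of the second and the `PlayerName` line of the third, so any later change to the permitted set has to be made in three places and a missed copy leaves one announcement unfiltered. A single helper keeps them in step, e.g. `var sanitizeName = function(s){ return String(s || '').replace(/[^a-z0-9áéíóúñü .,_-]/gi, '').trim(); };` (the `m` flag and the `\.` escape have no effect here), and it also avoids calling `.replace` on a non-string should `get()` ever return one, which these hunks do not show. Names written in characters outside the set, or containing an apostrophe, come out empty or shortened, so the message can read `'s turn is done.` with no name; a fallback label for the empty case is worth adding. The enclosing functions start and end outside the hunks, so other places where these names reach chat output could not be checked.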