escaping typed poll response before displaying results in chat

e450173b · Ramon Souza · ad66222a · e450173b · e450173b
Commit e450173b authored 4 years ago by Ramon Souza
--- a/bigbluebutton-html5/imports/api/polls/server/handlers/sendPollChatMsg.js
+++ b/bigbluebutton-html5/imports/api/polls/server/handlers/sendPollChatMsg.js
@@ -17,6 +17,7 @@ export default function sendPollChatMsg({ body }, meetingId) {
    responded += item.numVotes;
    return item;
  }).map((item) => {
+    item.key = item.key.replace('<br/>', '');
    const numResponded = responded === numRespondents ? numRespondents : responded;
    const pct = Math.round(item.numVotes / numResponded * 100);
    const pctFotmatted = `${Number.isNaN(pct) ? 0 : pct}%`;

--- a/bigbluebutton-html5/imports/ui/components/chat/time-window-list/time-window-chat-item/message-chat-item/component.jsx
+++ b/bigbluebutton-html5/imports/ui/components/chat/time-window-list/time-window-chat-item/message-chat-item/component.jsx
@@ -175,7 +175,16 @@ class MessageChatItem extends PureComponent {
    if (!isDefaultPoll) {
      const entries = _text.split('<br/>');
      const options = [];
-      entries.map((e) => { options.push([e.slice(0, e.indexOf(':'))]); return e; });
+      entries.map((e) => {
+        // Sanitize. See: https://gist.github.com/sagewall/47164de600df05fb0f6f44d48a09c0bd
+        const div = document.createElement('div');
+        div.appendChild(document.createTextNode(e));
+        _text = _text.replace(e, div.innerHTML);
+        e = div.innerHTML;
+
+        options.push([e.slice(0, e.indexOf(':'))]);
+        return e;
+      });
      options.map((o, idx) => {
        if (o[0] !== '') {
          _text = formatBoldBlack(_text.replace(o, idx + 1));