-rw-r--r-- | www/static/js/demo.js | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/www/static/js/demo.js b/www/static/js/demo.js
index 037006de..1228b4e3 100644
--- a/www/static/js/demo.js
+++ b/www/static/js/demo.js
@@ -28,8 +28,8 @@ function parseParams(str) {
 str = str.substr(1);
 }
 while (e = re.exec(str)) {
- var k = decode(e[1]);
- var v = decode(e[2]);
+ var k = encodeHTML(decode(e[1]));
+ var v = encodeHTML(decode(e[2]));
 if (params[k] !== undefined) {
 if (!Array.isArray(params[k])) {
 params[k] = [params[k]];
@@ -52,6 +52,10 @@ function getQuery(url) {
 url.substring(question + 1, hash);
 }
 
+function encodeHTML(s) {
+ return s.replace(/&/g, '&').replace(/</g, '<').replace(/"/g, '"');
+}
+
 function params(request) {
 if (server.getHTTPMethod(request) == "GET") {
 return parseParams(getQuery(request.url));
|
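Review bot: Escaping `k` and `v` inside the parseParams loop applies HTML encoding at parse time, so every consumer of the returned object receives entity-encoded text whether or not the value ends up in HTML markup. A value later used in a URL, a script context or a string comparison will carry the entity text, and any sink that escapes again will double-encode it. Escaping where the value is written into the page, with the encoder chosen for that context, is easier to audit; if parse-time encoding stays, a comment above the loop such as `// keys and values are HTML-escaped here; not safe for URL or script contexts` would record the contract. parseParams starts and ends outside the hunk, so how the values are consumed is not visible here.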
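Review bot: encodeHTML leaves `'` and `>` unescaped, so a value written into a single-quoted attribute can still terminate that attribute. Extending the chain with `.replace(/'/g, '&#39;').replace(/>/g, '&gt;')` covers both, and the `&` replacement has to stay first so the entities produced by the later steps are not escaped again. As rendered on this page the replacement strings read `'&'`, `'<'` and `'"'`, which is presumably the viewer decoding `&amp;`, `&lt;` and `&quot;`; that is worth confirming against the raw file. Only the GET branch of params() is visible in this hunk, so it is worth checking that any other branch also goes through parseParams and gets the same encoding.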