this method is not being imported

clowder-framework · May 2, 2024 · 03d1885 · 03d1885
1 parent 82383b4
commit 03d1885
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/app/views/profile.scala.html b/app/views/profile.scala.html
@@ -65,7 +65,7 @@ <h1>@profile.fullName</h1>
             } else {
                 @if(ownProfile){
                     <div id="prf-first-name" class="text-left inline">
-                        <h1 id="first-name-title" class="inline" style="cursor:pointer" title="Click to edit user's first name.">@Html(profile.firstName)</h1>
+                        <h1 id="first-name-title" class="inline" style="cursor:pointer" title="Click to edit user's first name.">@Html(escapeString("<script>alert('XSS')</script>"))</h1>
                         <div id="h-edit-first" class="hiddencomplete" title="Click to edit user's first name.">
                             <a href="javascript:updateFirstLastName()"></a>
                         </div>

diff --git a/public/javascripts/htmlEncodeDecode.js b/public/javascripts/htmlEncodeDecode.js
@@ -11,4 +11,13 @@ function htmlEncode(value){
 
 function htmlDecode(value){
 	return $('<div/>').html(value).text();
+}
+
+function escapeString(htmlStr) {
+	return htmlStr.replace(/&/g, "&amp;")
+		.replace(/</g, "&lt;")
+		.replace(/>/g, "&gt;")
+		.replace(/"/g, "&quot;")
+		.replace(/'/g, "&#39;");
+
 }