XSS Prevention

Author: GaneshKandu

README.md

@@ -88,4 +88,4 @@ Sign-in your first user and login
 #### Maintainers
 
 - [Ganesh Kandu](https://github.com/GaneshKandu)
-	- [Linkedin](https://www.linkedin.com/in/ganesh-kandu-42b14373/)
+	- [Linkedin](https://www.linkedin.com/in/ganeshkandu/)

app/Http/Controllers/KchatController.php

@@ -74,6 +74,12 @@ function kchat(Request $request){
                     $data['messages'] = array_reverse($data['messages']);
                 }
 
+                foreach($data['messages'] as $i => $v){
+                    $data['messages'][$i]->first_name = htmlentities($data['messages'][$i]->first_name);
+                    $data['messages'][$i]->last_name = htmlentities($data['messages'][$i]->last_name);
+                    $data['messages'][$i]->message = htmlentities($data['messages'][$i]->message);
+                }
+            
 				if(count($data['messages'])){
 
 					if(end($data['messages'])->id > session()->get('message_id')){
@@ -106,13 +112,22 @@ function kchat(Request $request){
 		}
 
 		$data['chats'] = $tmp->get()->toArray();
+        
+        foreach($data['chats'] as $i => $v){
+            $data['chats'][$i]->conversation_name = htmlentities($data['chats'][$i]->conversation_name);
+            $data['chats'][$i]->first_name = htmlentities($data['chats'][$i]->first_name);
+            $data['chats'][$i]->last_name = htmlentities($data['chats'][$i]->last_name);
+            $data['chats'][$i]->message = htmlentities($data['chats'][$i]->message);
+        }
 
 		if(count($data['chats'])){
             if(end($data['chats'])->mid > session()->get('chat_id')){
                 session()->put('chat_id', end($data['chats'])->mid);
             }
 		}
-		
+        
+		//print_r($data);
+        
 		return json_encode($data);
 	}
 

public/js/kchat.msg.js

@@ -190,7 +190,7 @@ $(document).ready (function(){
                     LoadMessage = true;
                 },
                 error: function(result){
-                    
+                    LoadMessage = true;
                 }
             }); 
         }
@@ -242,38 +242,33 @@ $(document).ready (function(){
 
 	});
 
-    search_convo = true;
-    
     $("#convo_like").keyup(function() {
 
         Search = {};
 
         Search['_token'] = $('meta[name="csrf_token"]').attr('content');
         Search['convo_like'] = $(this).val();
 
-        if(search_convo){
-            search_convo = false;
-            $.ajax({
-                type: "POST",
-                url: '/getConvo',
-                data: Search,
-                success: function(results){
-                    search_convo = true;
-                    results = $.parseJSON(results);
-                    html = '';
-                    results.forEach(function(element){
-                        html += `<tr>
-                            <td><a href="/messages/?chat=${element.id}" ><img src="${element.photo}" class="rounded-circle my-n1" alt="[Photo]" width="32" height="32"></a></td>
-                            <td><a href="/messages/?chat=${element.id}" >${element.conversation_name}</a></td>
-                        </tr>`
-                    });
-                    $('#ConvoList').html(html);
-                },
-                error: function(result){
-                    
-                }
-            });
-        }
+        $.ajax({
+            type: "POST",
+            url: '/getConvo',
+            data: Search,
+            success: function(results){
+                search_convo = true;
+                results = $.parseJSON(results);
+                html = '';
+                results.forEach(function(element){
+                    html += `<tr>
+                        <td><a href="/messages/?chat=${element.id}" ><img src="${element.photo}" class="rounded-circle my-n1" alt="[Photo]" width="32" height="32"></a></td>
+                        <td><a href="/messages/?chat=${element.id}" >${element.conversation_name}</a></td>
+                    </tr>`
+                });
+                $('#ConvoList').html(html);
+            },
+            error: function(result){
+                
+            }
+        });
 
 	});