From 4f749b7fbe5e1fedcad34dcbcd78108a89ed88d8 Mon Sep 17 00:00:00 2001
From: Minwoo Jung
Date: Sun, 5 Oct 2014 15:10:11 +0900
Subject: [PATCH] Add a procedure to prevent XSS

Add a procedure to remove the html tags to prevent XSS
---
 examples/rooms/client.html | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/examples/rooms/client.html b/examples/rooms/client.html
index ebaa6aa..1cf1b09 100644
--- a/examples/rooms/client.html
+++ b/examples/rooms/client.html
@@ -9,7 +9,11 @@
 // Listen for the announce event.
 io.on('announce', function(data) {
- $('body').append('

'+data.message+ new Date().toString()+'

')
+
+ // Removing the html tags to prevent XSS
+ var msg = $('
').text(data.message).text();
+
+ $('body').append('

'+msg+ new Date().toString()+'

')
 })
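Review bot: The added `var msg = $('<div>').text(data.message).text();` line neither removes nor escapes anything: `.text(str)` sets the element's text and the `.text()` getter returns that same string, so `msg` is identical to `data.message`, and concatenating it into the markup handed to `$('body').append(...)` on the following added line still has jQuery parse the message as HTML, leaving the XSS the commit title says it fixes. Set the text on the element instead of building an HTML string, e.g. `$('<div>').text(data.message + new Date().toString()).appendTo('body');` (or, if the string form is wanted, take `.html()` rather than the second `.text()` to get the escaped markup), and reword the comment to say the message is escaped as text rather than that tags are removed. The `<div>` tags inside the string literals appear to have been stripped by the page rendering, so the exact line boundaries of this hunk are inferred.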