diff --git a/html/audiobridgetest.js b/html/audiobridgetest.js
index 7be7a8ee02..babf9cb52b 100644
--- a/html/audiobridgetest.js
+++ b/html/audiobridgetest.js
@@ -179,7 +179,7 @@ $(document).ready(function() {
 Janus.debug("Got a list of participants:", list);
 for(var f in list) {
 var id = list[f]["id"];
- var display = list[f]["display"];
+ var display = escapeXmlTags(list[f]["display"]);
 var setup = list[f]["setup"];
 var muted = list[f]["muted"];
 var spatial = list[f]["spatial_position"];
@@ -223,7 +223,7 @@ $(document).ready(function() {
 Janus.debug("Got a list of participants:", list);
 for(var f in list) {
 var id = list[f]["id"];
- var display = list[f]["display"];
+ var display = escapeXmlTags(list[f]["display"]);
 var setup = list[f]["setup"];
 var muted = list[f]["muted"];
 var spatial = list[f]["spatial_position"];
@@ -268,7 +268,7 @@ $(document).ready(function() {
 Janus.debug("Got a list of participants:", list);
 for(var f in list) {
 var id = list[f]["id"];
- var display = list[f]["display"];
+ var display = escape(list[f]["display"]);
 var setup = list[f]["setup"];
 var muted = list[f]["muted"];
 var spatial = list[f]["spatial_position"];
@@ -448,7 +448,7 @@ function registerUsername() {
 return;
 }
 var register = { request: "join", room: myroom, display: username };
- myusername = username;
+ myusername = escapeXmlTags(username);
 // Check if we need to join using G.711 instead of (default) Opus
 if(acodec === 'opus' || acodec === 'pcmu' || acodec === 'pcma')
 register.codec = acodec;
@@ -467,3 +467,12 @@ function getQueryStringValue(name) {
 results = regex.exec(location.search);
 return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
 }
+
+// Helper to escape XML tags
+function escapeXmlTags(value) {
+ if(value) {
+ var escapedValue = value.replace(new RegExp('<', 'g'), '<');
+ escapedValue = escapedValue.replace(new RegExp('>', 'g'), '>');
+ return escapedValue;
+ }
+}
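Review bot: The third participant-list hunk (@@ -268) calls the legacy global `escape()` instead of the new helper, so on that path the display name is percent-encoded (spaces become `%20`, non-ASCII becomes `%uXXXX`) rather than having its markup neutralised the way the two preceding hunks do; the line should read `var display = escapeXmlTags(list[f]["display"]);`. The enclosing handler in `$(document).ready` continues outside the hunk, so where `display` is inserted into the DOM is not visible here.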
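Review bot: In the registerUsername hunk (@@ -448) `myusername` now holds the escaped form while the `register` request built on the line above still sends the raw `username`, so the name the client keeps and the name the plugin knows diverge for any value containing `<` or `>`; a later comparison against a server-echoed `display`, or reuse of `myusername` in a non-HTML context, will see `&lt;`/`&gt;` instead of the real characters. Escaping at the point where a value is handed to `.html()` or concatenated into markup keeps the data model intact; the same storage-time escaping is introduced for `myusername` in mvideoroomtest.js, textroomtest.js, videoroomtest.js and vp9svctest.js, for `participants[...]` in textroomtest.js, for `remoteFeed.rfdisplay` in videoroomtest.js and vp9svctest.js, and for `myusername`/`yourusername`/`peer` in videocalltest.js (where the hunk itself shows the escaped `myusername` being passed to `Janus.log`). The rest of registerUsername is outside the hunk, so I cannot confirm how `myusername` is consumed afterwards.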
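Review bot: The new `escapeXmlTags` (@@ -467) only rewrites `<` and `>`, so it is adequate for a text-node context but not for a value that lands inside an attribute (quotes pass through untouched), and leaving `&` alone means a name containing a literal `&lt;` is rendered as `<`; it also returns `undefined` for an empty string, which turns `.html(escapeXmlTags(''))` in the other files into a jQuery getter that leaves stale content where `.html('')` used to clear the element. As rendered in this listing the replacement strings read `'<'`/`'>'`, identical to what they replace; presumably the `&lt;`/`&gt;` entities were decoded by the page, otherwise the helper is a no-op, which is worth confirming in the actual source. The same body is copied into the other eight files of this commit (mvideoroomtest.js, recordplaytest.js, screensharingtest.js, streamingtest.js, textroomtest.js, videocalltest.js, videoroomtest.js, vp9svctest.js); a single definition in a script the demo pages already share would avoid nine copies drifting apart. A helper covering the remaining characters and the empty-string case:
```javascript
// Helper to escape a value for insertion into HTML (text and attribute contexts)
function escapeXmlTags(value) {
	if(value === undefined || value === null)
		return value;
	return String(value)
		.replace(/&/g, '&amp;')
		.replace(/</g, '&lt;')
		.replace(/>/g, '&gt;')
		.replace(/"/g, '&quot;')
		.replace(/'/g, '&#39;');
}
```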
diff --git a/html/mvideoroomtest.js b/html/mvideoroomtest.js
index c3540701df..5d47349ae1 100644
--- a/html/mvideoroomtest.js
+++ b/html/mvideoroomtest.js
@@ -465,7 +465,7 @@ function registerUsername() {
 ptype: "publisher",
 display: username
 };
- myusername = username;
+ myusername = escapeXmlTags(username);
 sfutest.send({ message: register });
 }
 }
@@ -568,7 +568,7 @@ function subscribeTo(sources) {
 feeds[slot] = stream.id;
 feedStreams[stream.id].slot = slot;
 feedStreams[stream.id].remoteVideos = 0;
- $('#remote' + slot).removeClass('hide').html(stream.display).show();
+ $('#remote' + slot).removeClass('hide').html(escapeXmlTags(stream.display)).show();
 break;
 }
 }
@@ -643,7 +643,7 @@ function subscribeTo(sources) {
 feeds[slot] = stream.id;
 feedStreams[stream.id].slot = slot;
 feedStreams[stream.id].remoteVideos = 0;
- $('#remote' + slot).removeClass('hide').html(stream.display).show();
+ $('#remote' + slot).removeClass('hide').html(escapeXmlTags(stream.display)).show();
 break;
 }
 }
@@ -905,6 +905,15 @@ function getQueryStringValue(name) {
 return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
 }
 
+// Helper to escape XML tags
+function escapeXmlTags(value) {
+ if(value) {
+ var escapedValue = value.replace(new RegExp('<', 'g'), '<');
+ escapedValue = escapedValue.replace(new RegExp('>', 'g'), '>');
+ return escapedValue;
+ }
+}
+
 // Helpers to create Simulcast-related UI, if enabled
 function addSimulcastButtons(feed, temporal) {
 var index = feed;
diff --git a/html/recordplaytest.js b/html/recordplaytest.js
index 3adef69684..a4f07fefe6 100644
--- a/html/recordplaytest.js
+++ b/html/recordplaytest.js
@@ -505,11 +505,11 @@ function updateRecsList() {
 Janus.debug("Got a list of available recordings:", list);
 for(var mp in list) {
 Janus.debug(" >> [" + list[mp]["id"] + "] " + list[mp]["name"] + " (" + list[mp]["date"] + ")");
- $('#recslist').append("
  • " + list[mp]["name"] + " [" + list[mp]["date"] + "]" + "
  • "); + $('#recslist').append("
  • " + escapeXmlTags(list[mp]["name"]) + " [" + list[mp]["date"] + "]" + "
  • ");
 }
 $('#recslist a').unbind('click').click(function() {
 selectedRecording = $(this).attr("id");
- selectedRecordingInfo = $(this).text();
+ selectedRecordingInfo = escapeXmlTags($(this).text());
 $('#recset').html($(this).html()).parent().removeClass('open');
 $('#play').removeAttr('disabled').click(startPlayout);
 return false;
@@ -627,3 +627,12 @@ function getQueryStringValue(name) {
 results = regex.exec(location.search);
 return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
 }
+
+// Helper to escape XML tags
+function escapeXmlTags(value) {
+ if(value) {
+ var escapedValue = value.replace(new RegExp('<', 'g'), '<');
+ escapedValue = escapedValue.replace(new RegExp('>', 'g'), '>');
+ return escapedValue;
+ }
+}
diff --git a/html/screensharingtest.js b/html/screensharingtest.js
index e49a894562..d506ca4087 100644
--- a/html/screensharingtest.js
+++ b/html/screensharingtest.js
@@ -167,7 +167,7 @@ $(document).ready(function() {
 if(event === "joined") {
 myid = msg["id"];
 $('#session').html(room);
- $('#title').html(msg["description"]);
+ $('#title').html(escapeXmlTags(msg["description"]));
 Janus.log("Successfully joined room " + msg["room"] + " with ID " + myid);
 if(role === "publisher") {
 // This is our session, publish our stream
@@ -647,3 +647,12 @@ function newRemoteFeed(id, display) {
 }
 });
 }
+
+// Helper to escape XML tags
+function escapeXmlTags(value) {
+ if(value) {
+ var escapedValue = value.replace(new RegExp('<', 'g'), '<');
+ escapedValue = escapedValue.replace(new RegExp('>', 'g'), '>');
+ return escapedValue;
+ }
+}
diff --git a/html/streamingtest.js b/html/streamingtest.js
index ea6db7cd99..97b11dac33 100644
--- a/html/streamingtest.js
+++ b/html/streamingtest.js
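Review bot: In the recordplaytest.js updateRecsList hunk the `$('#recslist').append(...)` line now escapes the recording `name` but still concatenates `list[mp]["date"]` from the same record raw into the markup; for consistency wrap it as well, `" [" + escapeXmlTags(list[mp]["date"]) + "]"`. The list-item/anchor markup of that line is garbled in this listing, and the later `$(this).attr("id")` suggests the record id is placed in an attribute, so if that is the case the `<`/`>`-only helper would not be sufficient for that part of the line; I cannot confirm the attribute context from what is visible here.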
@@ -375,7 +375,7 @@ function updateStreamsList() {
 Janus.log("Got a list of available streams:", list);
 streamsList = {};
 for(var mp in list) {
- Janus.debug(" >> [" + list[mp]["id"] + "] " + list[mp]["description"] + " (" + list[mp]["type"] + ")");
+ Janus.debug(" >> [" + list[mp]["id"] + "] " + escapeXmlTags(list[mp]["description"]) + " (" + list[mp]["type"] + ")");
 $('#streamslist').append("
  • " + list[mp]["description"] + " (" + list[mp]["type"] + ")" + "
  • ");
 // Check the nature of the available streams, and if there are some multistream ones
 list[mp].legacy = true;
@@ -417,7 +417,7 @@ function getStreamInfo() {
 var body = { request: "info", id: parseInt(selectedStream) || selectedStream };
 streaming.send({ message: body, success: function(result) {
 if(result && result.info && result.info.metadata) {
- $('#metadata').html(result.info.metadata);
+ $('#metadata').html(escapeXmlTags(result.info.metadata));
 $('#info').removeClass('hide').show();
 }
 }});
@@ -503,6 +503,15 @@ function stopStream() {
 streaming.hangup();
 }
 
+// Helper to escape XML tags
+function escapeXmlTags(value) {
+ if(value) {
+ var escapedValue = value.replace(new RegExp('<', 'g'), '<');
+ escapedValue = escapedValue.replace(new RegExp('>', 'g'), '>');
+ return escapedValue;
+ }
+}
+
 // Helper to add a new panel to the 'videos' div
 function addPanel(panelId, mid, desc) {
 $('#videos').append(
diff --git a/html/textroomtest.js b/html/textroomtest.js
index 082ae44905..3d0697e35a 100644
--- a/html/textroomtest.js
+++ b/html/textroomtest.js
@@ -153,9 +153,7 @@ $(document).ready(function() {
 var what = json["textroom"];
 if(what === "message") {
 // Incoming message: public or private?
- var msg = json["text"];
- msg = msg.replace(new RegExp('<', 'g'), '<');
- msg = msg.replace(new RegExp('>', 'g'), '>');
+ var msg = escapeXmlTags(json["text"]);
 var from = json["from"];
 var dateString = getDateString(json["date"]);
 var whisper = json["whisper"];
@@ -170,9 +168,7 @@ $(document).ready(function() {
 }
 } else if(what === "announcement") {
 // Room announcement
- var msg = json["text"];
- msg = msg.replace(new RegExp('<', 'g'), '<');
- msg = msg.replace(new RegExp('>', 'g'), '>');
+ var msg = escapeXmlTags(json["text"]);
 var dateString = getDateString(json["date"]);
 $('#chatroom').append('
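Review bot: The streamingtest.js updateStreamsList hunk escapes `list[mp]["description"]` in the `Janus.debug` console line, where escaping changes nothing on the page, while the next context line `$('#streamslist').append(...)` still concatenates `list[mp]["description"]` and `list[mp]["type"]` raw into markup, and that is the path that actually reaches the DOM. The call belongs on the append line, `" + escapeXmlTags(list[mp]["description"]) + " (" + escapeXmlTags(list[mp]["type"]) + ")" + "`, and the debug line can stay as it was. The list-item/anchor part of the append line is garbled in this listing, so I cannot check whether any of these values also lands in an attribute.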

    [' + dateString + '] ' + msg + '');
 $('#chatroom').get(0).scrollTop = $('#chatroom').get(0).scrollHeight;
@@ -180,7 +176,7 @@ $(document).ready(function() {
 // Somebody joined
 var username = json["username"];
 var display = json["display"];
- participants[username] = display ? display : username;
+ participants[username] = escapeXmlTags(display ? display : username);
 if(username !== myid && $('#rp' + username).length === 0) {
 // Add to the participants list
 $('#list').append('

  • ' + participants[username] + '
  • ');
@@ -282,7 +278,7 @@ function registerUsername() {
 username: myid,
 display: username
 };
- myusername = username;
+ myusername = escapeXmlTags(username);
 transactions[transaction] = function(response) {
 if(response["textroom"] === "error") {
 // Something went wrong
@@ -312,7 +308,7 @@ function registerUsername() {
 if(response.participants && response.participants.length > 0) {
 for(var i in response.participants) {
 var p = response.participants[i];
- participants[p.username] = p.display ? p.display : p.username;
+ participants[p.username] = escapeXmlTags(p.display ? p.display : p.username);
 if(p.username !== myid && $('#rp' + p.username).length === 0) {
 // Add to the participants list
 $('#list').append('
  • ' + participants[p.username] + '
  • ');
@@ -418,3 +414,12 @@ function getQueryStringValue(name) {
 results = regex.exec(location.search);
 return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
 }
+
+// Helper to escape XML tags
+function escapeXmlTags(value) {
+ if(value) {
+ var escapedValue = value.replace(new RegExp('<', 'g'), '<');
+ escapedValue = escapedValue.replace(new RegExp('>', 'g'), '>');
+ return escapedValue;
+ }
+}
diff --git a/html/videocalltest.js b/html/videocalltest.js
index 1c9142795d..a4e1aef865 100644
--- a/html/videocalltest.js
+++ b/html/videocalltest.js
@@ -154,7 +154,7 @@ $(document).ready(function() {
 } else if(result["event"]) {
 var event = result["event"];
 if(event === 'registered') {
- myusername = result["username"];
+ myusername = escapeXmlTags(result["username"]);
 Janus.log("Successfully registered as " + myusername + "!");
 $('#youok').removeClass('hide').show().html("Registered as '" + myusername + "'");
 // Get a list of available peers, just for fun
@@ -169,7 +169,7 @@ $(document).ready(function() {
 bootbox.alert("Waiting for the peer to answer...");
 } else if(event === 'incomingcall') {
 Janus.log("Incoming call from " + result["username"] + "!");
- yourusername = result["username"];
+ yourusername = escapeXmlTags(result["username"]);
 // Notify user
 bootbox.hideAll();
 incoming = bootbox.dialog({
@@ -219,7 +219,7 @@ $(document).ready(function() {
 });
 } else if(event === 'accepted') {
 bootbox.hideAll();
- var peer = result["username"];
+ var peer = escapeXmlTags(result["username"]);
 if(!peer) {
 Janus.log("Call started!");
 } else {
@@ -672,6 +672,15 @@ function getQueryStringValue(name) {
 return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
 }
 
+// Helper to escape XML tags
+function escapeXmlTags(value) {
+ if(value) {
+ var escapedValue = value.replace(new RegExp('<', 'g'), '<');
+ escapedValue = escapedValue.replace(new RegExp('>', 'g'), '>');
+ return escapedValue;
+ }
+}
+
 // Helpers to create Simulcast-related UI, if enabled
 function addSimulcastButtons(temporal) {
 $('#curres').parent().append(
diff --git a/html/videoroomtest.js b/html/videoroomtest.js
index 80021fb276..84a5e306a9 100644
--- a/html/videoroomtest.js
+++ b/html/videoroomtest.js
@@ -469,7 +469,7 @@ function registerUsername() {
 ptype: "publisher",
 display: username
 };
- myusername = username;
+ myusername = escapeXmlTags(username);
 sfutest.send({ message: register });
 }
 }
@@ -577,7 +577,7 @@ function newRemoteFeed(id, display, streams) {
 });
 // FIXME Right now, this is always the same feed: in the future, it won't
 remoteFeed.rfid = stream.id;
- remoteFeed.rfdisplay = stream.display;
+ remoteFeed.rfdisplay = escapeXmlTags(stream.display);
 }
 // We wait for the plugin to send us an offer
 var subscribe = {
@@ -792,6 +792,15 @@ function getQueryStringValue(name) {
 return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
 }
 
+// Helper to escape XML tags
+function escapeXmlTags(value) {
+ if(value) {
+ var escapedValue = value.replace(new RegExp('<', 'g'), '<');
+ escapedValue = escapedValue.replace(new RegExp('>', 'g'), '>');
+ return escapedValue;
+ }
+}
+
 // Helpers to create Simulcast-related UI, if enabled
 function addSimulcastButtons(feed, temporal) {
 var index = feed;
diff --git a/html/vp9svctest.js b/html/vp9svctest.js
index 69e9bedce0..8d8e464b23 100644
--- a/html/vp9svctest.js
+++ b/html/vp9svctest.js
@@ -457,7 +457,7 @@ function registerUsername() {
 ptype: "publisher",
 display: username
 };
- myusername = username;
+ myusername = escapeXmlTags(username);
 sfutest.send({ message: register });
 }
 }
@@ -538,7 +538,7 @@ function newRemoteFeed(id, display, streams) {
 });
 // FIXME Right now, this is always the same feed: in the future, it won't
 remoteFeed.rfid = stream.id;
- remoteFeed.rfdisplay = stream.display;
+ remoteFeed.rfdisplay = escapeXmlTags(stream.display);
 }
 // We wait for the plugin to send us an offer
 var subscribe = {
@@ -742,6 +742,15 @@ function newRemoteFeed(id, display, streams) {
 });
 }
 
+// Helper to escape XML tags
+function escapeXmlTags(value) {
+ if(value) {
+ var escapedValue = value.replace(new RegExp('<', 'g'), '<');
+ escapedValue = escapedValue.replace(new RegExp('>', 'g'), '>');
+ return escapedValue;
+ }
+}
+
 // Helpers to create SVC-related UI for a new viewer
 function addSvcButtons(feed) {
 var index = feed;