HTML codes are not escaped

mowolf / ChatAnalyzer

Java script webapp that analyzes your WhatsApp Chat history locally on your machine.

https://chatanalyzer.moritzwolf.com

Other

208 stars 41 forks source link

HTML codes are not escaped #15

Closed ryanb93 closed 6 years ago

ryanb93 commented 6 years ago

Putting HTML code into the chat file can result in changes to the webpage.

For example:

[03/12/2014, 19:18:13] <h1>Ryan</h1>: <h1>Testing</h1>
[03/12/2014, 19:18:13] <h1>Ryan</h1>: <h1>Testing</h1>
[03/12/2014, 19:18:13] <h1>Ryan</h1>: <h1>Testing</h1>

Results in the HTML being parsed and changes being made to the webpage. This should be escaped.