From 94b8de9d78fa8c7ec007ebedd88fa6002a140910 Mon Sep 17 00:00:00 2001
From: Ac_K <Acoustik666@gmail.com>
Date: Thu, 27 Aug 2020 23:21:22 +0200
Subject: [PATCH] Fix html/js escaping

---
 main.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/main.js b/main.js
index 77cd25d..3babb85 100644
--- a/main.js
+++ b/main.js
@@ -1,4 +1,6 @@
 $(document).ready(function() {
+    function encode(r){return r.replace(/[\x26\x0A\<>'"]/g,function(r){return"&#"+r.charCodeAt(0)+";"})}
+
     $.getJSON("/api", function(data) {
         $(".main-stats").append('<div class="row"><div class="col-1"><i class="fas fa-user"></i></div><div class="col-6">Public Players</div><div class="col-4 text-right">' + data.public_players_count + '</div></div>');
         $(".main-stats").append('<div class="row"><div class="col-1"><i class="fas fa-user-secret"></i></div><div class="col-6">Private Players</div><div class="col-4 text-right">' + data.private_players_count + '</div></div>');
@@ -14,7 +16,7 @@ $(document).ready(function() {
 
     $.getJSON("/api/public_games", function(data) {
         $.each(data, function() {
-            $(".games-table").append('<tr><th><i class="fas fa-gamepad"></i> ' + this.game_name + '<br /><span class="titleid">(' + this.title_id + ')</span></th><td>' + this.player_count + '/' + this.max_player_count + ' <i class="fas fa-users"></i><br />' + this.players.join(', ') + '</td><td><i class="fas fa-network-wired"></i> ' + this.mode + ' (' + this.status + ')</td></tr>');
+            $(".games-table").append('<tr><th><i class="fas fa-gamepad"></i> ' + this.game_name + '<br /><span class="titleid">(' + this.title_id + ')</span></th><td>' + this.player_count + '/' + this.max_player_count + ' <i class="fas fa-users"></i><br />' + encode(this.players.join(', ')) + '</td><td><i class="fas fa-network-wired"></i> ' + this.mode + ' (' + this.status + ')</td></tr>');
         });
     });
 });
\ No newline at end of file