From f1ba814e928f37246b6df48c3d78c1f967009849 Mon Sep 17 00:00:00 2001 From: gnehs Date: Mon, 17 Jun 2024 02:23:59 +0800 Subject: [PATCH] fixed name injection --- components/stepstep.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/components/stepstep.js b/components/stepstep.js index 218086e..316540a 100644 --- a/components/stepstep.js +++ b/components/stepstep.js @@ -30,7 +30,12 @@ bot.command("stepstep", async ({ reply, message }) => { rank.forEach((item, index) => { let distance = item.distance.toFixed(2); let steps = item.steps.toLocaleString(); - responseText += `${index + 1}. ${item.user.name}\n`; + let name = item.user.name + .replaceAll("<", "<") + .replaceAll(">", ">") + .replaceAll("&", "&"); + + responseText += `${index + 1}. ${name}\n`; responseText += ` ${distance} 公里 - ${steps} 步\n`; });