From b802d25ae5a542ce5a3d7bffe8b883c6df92a5d1 Mon Sep 17 00:00:00 2001
From: osmarks
Date: Sat, 6 Oct 2018 12:38:18 +0100
Subject: [PATCH] Yet more XSS fixing
---
 src/index.html | 2 +-
 src/index.js | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/index.html b/src/index.html
index 4640d08..598fcbf 100644
--- a/src/index.html
+++ b/src/index.html
@@ -232,7 +232,7 @@ const viewMessage = m => {
 if (data.channel) {
 const color = intToHSL(getHash(data.channel.toString()))
 const style = "color: " + color;
- children.push([ "span", { ...cls("channel"), style }, data.channel ])
+ children.push([ "span", { ...cls("channel"), style }, data.channel.toString() ])
 }
 if (data.message) {
 let text = JSON.stringify(data.message, null, "\t");
diff --git a/src/index.js b/src/index.js
index 48dd584..e70c2a3 100644
--- a/src/index.js
+++ b/src/index.js
@@ -22,6 +22,7 @@ const wildcardChannel = "*"
 const messageLog = []
 const broadcast = (wss, msg, sender) => {
+ validateChannel(msg.channel);
 const toSend = {
 ...msg,
 type: "message",
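Review bot: In the `src/index.html` hunk, the new `data.channel.toString()` child coerces whatever type arrived instead of checking it, and the same expression is evaluated a second time two lines up for `getHash`. A channel that is an object or array decoded from JSON is then rendered as `[object Object]` or a joined list, and if its `toString` is not callable the call throws inside `viewMessage` and the message is not rendered. Normalise once at the top of the branch, for example `const channel = typeof data.channel === "string" ? data.channel : JSON.stringify(data.channel)`, and pass `channel` to both `getHash` and the `span`. The rest of `viewMessage` is outside the hunk, so whether other fields reach the element builder unconverted cannot be checked here.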
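Review bot: In the `src/index.js` hunk, the return value of `validateChannel(msg.channel)` is discarded, so the call only protects `broadcast` if the helper throws on a bad channel; its definition is not in this patch, so that should be confirmed. If it does throw, every caller of `broadcast` has to catch the error and answer the sender, otherwise one malformed message may surface as an unhandled exception in the socket handler. A short comment on the call would record the contract: `// throws on an invalid channel; callers catch and report the error to the sender`. The body of `broadcast` continues past the end of the hunk.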