work on sixel support
[citadel.git] / webcit / static / instant_messenger.html
index cd546c33cf2473285eda42949ca05973ea4453e7..c43ac2426dd2286b667b2e0bd096aeee16e785ac 100644 (file)
@@ -55,7 +55,7 @@ function SendSomething(which_div, sendform, recipient) {
 
        // Send the text to the server
        parms = 'r=' + Math.random()
-               + '&recp=' + recipient
+               + '&recp=' + encodeURIComponent(recipient)
                + '&msg=' + encodeURIComponent(thetext);
        new Ajax.Request('../ajax_send_instant_message',
                {
@@ -102,6 +102,12 @@ function ShowNewMsg(gexp_xmlresponse) {
        result = gexp_response.substring(0, breakpos-1);
        the_message = gexp_response.substring(breakpos+1);
        the_message = the_message.substring(0, the_message.indexOf('\n000'));
+
+       // Sanitize HTML in the message
+       the_message = the_message.replaceAll("&", "&");
+       the_message = the_message.replaceAll("<", "&lt;");
+       the_message = the_message.replaceAll(">", "&gt;");
+
        sender = extract_token(result.substring(4), 3, '|');
 
        // Figure out which div to write it to...
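Review bot: As rendered on this page the first added replacement, `the_message.replaceAll("&", "&")`, replaces an ampersand with itself; if the file really contains that rather than this being an artefact of entity decoding in the page, it should be `the_message = the_message.replaceAll("&", "&amp;");` so that entity sequences in a received message stay literal. The escaping is also applied only to `the_message`, while `sender`, taken from the same server response on the following line, is concatenated unescaped into a single-quoted argument of the inline `onSubmit` string in the third hunk. HTML-escaping would not be enough in that position, because the attribute value is entity-decoded before it is run as script; building the form with DOM calls and attaching the handler with `addEventListener`, with `sender` held in a closure, keeps the name out of generated code. `ShowNewMsg` begins and ends outside this hunk, so where `the_message` is finally written into the page cannot be checked from here.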
@@ -131,7 +137,7 @@ function ShowNewMsg(gexp_xmlresponse) {
                        + '<br><form method=\"post\" action=\"null\" name=\"sendform_' + which_div + '\" '
                        + 'onSubmit=\"return SendSomething(\'' + which_div + '\', \'sendform_'
                        + which_div + '\', \'' + sender + '\');\">'
-                       + '<img src=\"citadelchat_16x.gif\">&nbsp;'
+                       + '<img src=\"webcit_icons/essen/16x16/chat.png\">&nbsp;'
                        + '<input type=\"text\" size=\"72\" maxlength=\"600\" name=\"sendthis\">'
                        + '</form>'
                        + '<br></div>'