Hi, ich such ne Möglichkeit xss in "meinem" chat zu deaktivieren.
JavaScript
function handleReceiveChat() {
if (receiveReq.readyState == 4) {
var chat_div = document.getElementById('div_chat');
var xmldoc = receiveReq.responseXML;
var message_nodes = xmldoc.getElementsByTagName("message");
var n_messages = message_nodes.length
for (i = 0; i < n_messages; i++) {
var user_node = message_nodes[i].getElementsByTagName("user");
var text_node = message_nodes[i].getElementsByTagName("text");
var time_node = message_nodes[i].getElementsByTagName("time");
chat_div.innerHTML += '<div id="thread-post-image" style="background: url(../imager.php?name=' + user_node[0].firstChild.nodeValue + ')center center;background-size: cover;height: 30px;width: 30px;" ></div>';
chat_div.innerHTML += user_node[0].firstChild.nodeValue + ' ';
chat_div.innerHTML += '<font class="chat_time">' + time_node[0].firstChild.nodeValue + '</font><br />';
chat_div.innerHTML += text_node[0].firstChild.nodeValue + '<br /><br />';
chat_div.scrollTop = chat_div.scrollHeight;
lastMessage = (message_nodes[i].getAttribute('id'));
}
mTimer = setTimeout('getChatText();',2000);
}
}chat_div.innerHTML += text_node[0].firstChild.nodeValue + '<br /><br />'; <-- hier kommt der text
gibt es da ne einfache möglichkeit? thank you very much 4 any help
Hab ne lösung
EDIT: ich mach daraus einfach ne disabled input ez pz kann geschlossen werden lol
