Merge pull request #24 from pkallos/master

garnaat · garnaat · commit fe299ad486ce · 2015-05-21T19:08:29.000-07:00
escape HTML in username
diff --git a/lambda/dynamodb/code/LambdaChatDynamoDB.js b/lambda/dynamodb/code/LambdaChatDynamoDB.js
@@ -49,7 +49,7 @@ exports.handler = function(event, context) {
                 },
                 "Limit": 20,
                 "ScanIndexForward": false
-            }            
+            }
             console.log("Scanning the table");
             ddb.query(params, next);
         },
@@ -64,11 +64,11 @@ exports.handler = function(event, context) {
                 ii = response.Items[i];
                 var message = {};
                 message['id'] = ii.message_id['S'];
-                message['name'] = ii.name['S'];
+                message['name'] = escapeHtml(ii.name['S']);
                 message['message'] = escapeHtml(ii.message['S']);
                 message['channel'] = ii.channel['S'];
                 messageData.messages.push(message);
-            }            
+            }
             next(null, JSON.stringify(messageData));
         },
         function savetos3(jsonstring, next) {
@@ -88,5 +88,5 @@ exports.handler = function(event, context) {
         }
         context.done(err, '');
     });
-    
+
 };
