From 86305dbfc040dffb0b18cfe185e7b56fa2425518 Mon Sep 17 00:00:00 2001
From: Saumye Malhotra
Date: Tue, 5 Feb 2019 13:49:32 +0530
Subject: [PATCH] frontend protection against XXS attack

---
 release/side-comments.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/release/side-comments.js b/release/side-comments.js
index 9658261..0a451a2 100644
--- a/release/side-comments.js
+++ b/release/side-comments.js
@@ -748,7 +748,7 @@ Section.prototype.postComment = function() {
 commentBody = $commentBox.val(),
 comment = {
 sectionId: this.id,
- comment: commentBody,
+ comment: commentBody.split(/<\s*[^>]*>/g).join(''),
 authorAvatarUrl: this.currentUser.avatarUrl,
 authorName: this.currentUser.name,
 authorId: this.currentUser.id,
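Review bot: The tag-stripping on the added `comment:` line is not a reliable XSS control: `split(/<\s*[^>]*>/g)` only removes complete `<...>` pairs, so an unterminated tag such as `<img src=x onerror=alert(1)//` passes through untouched and, if the comment is later inserted into the page as HTML, the next `>` in the surrounding markup completes it; the same regex also silently mangles legitimate text like `a < b && c > d`. It also runs only in the browser, so any client that posts the comment directly bypasses it, and stripping at input is the wrong layer in any case — the defense belongs where the comment is rendered (insert it via `.text()`/`textContent`, or HTML-escape it in the template) and on the server, neither of which is visible here, so I can't tell from this hunk how the stored comment is displayed. If something must stay on this line, escaping is safer than stripping because it cannot be bypassed and loses no content: `comment: commentBody.replace(/[&<>"']/g, function (c) { return '&#' + c.charCodeAt(0) + ';'; }),` — with the caveat that the renderer must then not escape the stored value a second time. The enclosing `Section.prototype.postComment` starts before this hunk (the `var` list is cut at `commentBody = …`) and continues after it.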