Fix potential XSS when attacker takes control over http://at.hackerspace.pl/api

2013-11-09 11:56:36 +01:00 · 2013-11-09 11:56:36 +01:00 · cd5e128c8a
parent bc5f94700c
commit cd5e128c8a
1 changed files with 1 additions and 1 deletions
--- a/js/checkinator-header.js
+++ b/js/checkinator-header.js
@ -1,7 +1,7 @@
 jQuery(document).ready(function() {
    function checkinify() {
         jQuery.getJSON("http://at.hackerspace.pl/api", function(data) {
-          var users = data.users.length;
+          var users = parseInt(data.users.length) || 0;
          var tooltip = jQuery('#status-tooltip');
          var text = 'According to <a href="http://at.hackerspace.pl">our instruments</a> there ';
          if (users == 1)