From 80abf0385a8d4e9fbad55930afd2687478a7fa0f Mon Sep 17 00:00:00 2001
From: dominicbraam <dominic.braam@gmail.com>
Date: Wed, 22 Jun 2022 10:19:52 -0400
Subject: [PATCH] echo command no longer returns html tags

---
 src/utils/bin/commands.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/utils/bin/commands.ts b/src/utils/bin/commands.ts
index 338c9f87d..3d53b5937 100644
--- a/src/utils/bin/commands.ts
+++ b/src/utils/bin/commands.ts
@@ -93,7 +93,8 @@ export const reddit = async (args: string[]): Promise<string> => {
 
 // Typical linux commands
 export const echo = async (args: string[]): Promise<string> => {
-  return args.join(' ');
+  return args.join(' ').replace( /<(?:(?:(?:(script|style|object|embed|applet|noframes|noscript|noembed)(?:\s+(?:"[\S\s]*?"|'[\S\s]*?'|(?:(?!\/>)[^>])?)+)?\s*>)[\S\s]*?<\/\1\s*(?=>))|(?:\/?[\w:]+\s*\/?)|(?:[\w:]+\s+(?:"[\S\s]*?"|'[\S\s]*?'|[^>]?)+\s*\/?)|\?[\S\s]*?\?|(?:!(?:(?:DOCTYPE[\S\s]*?)|(?:\[CDATA\[[\S\s]*?\]\])|(?:--[\S\s]*?--)|(?:ATTLIST[\S\s]*?)|(?:ENTITY[\S\s]*?)|(?:ELEMENT[\S\s]*?))))>/g,"");
+  //taken from: https://stackoverflow.com/questions/57398785/prevent-html-injections-with-javascript-typescript
 };
 
 export const whoami = async (args: string[]): Promise<string> => {