X-Git-Url: https://git.auder.net/game/%22%20%20%20data.gameInfo.gameId%20%20%20%22?a=blobdiff_plain;f=server%2Froutes%2Fmessages.js;h=d96cbfa2dd7631267fb2a234a84462166b8b4d27;hb=bd76b45611cbb58dcf774745a4d690277a82aacd;hp=cd93b9fe5e23dc34475108610b9abdec7fa936a7;hpb=dac395887d96e2d642b209c6db6aaacc3ffacb34;p=vchess.git
diff --git a/server/routes/messages.js b/server/routes/messages.js
index cd93b9fe..d96cbfa2 100644
--- a/server/routes/messages.js
+++ b/server/routes/messages.js
@@ -9,10 +9,10 @@ router.post("/messages", (req,res,next) => {
 if (!req.xhr)
 return res.json({errmsg: "Unauthorized access"});
 const from = req.body["email"];
- const subject = req.body["subject"];
- const body = req.body["content"];
+ // Replace potential newline characters in subject
+ const subject = req.body["subject"].replace(/\r?\n|\r/g, " ");
+ const body = req.body["content"]; //TODO: sanitize? Why? How?

- // TODO: sanitize ?
 mailer(from, params.mail.contact, subject, body, err => {
 if (!!err)
 return res.json({errmsg:err});
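Review bot: The CR/LF stripping is applied only to `subject`, while `from` (read from `req.body["email"]` just above) is passed to `mailer` unchanged and presumably also lands in a message header, so the same header-injection concern remains there unless the mailer, which is not visible in this hunk, rejects line breaks itself. The new `.replace` call also assumes a string: a request without `subject`, or one where the body parser yields an array or object for it, throws a TypeError inside the handler instead of returning an `errmsg`. A guard ahead of the assignments would cover both, for example `if (typeof req.body["subject"] !== "string" || typeof req.body["email"] !== "string" || /[\r\n]/.test(req.body["email"])) return res.json({errmsg: "Invalid input"});`. The route handler's body continues past the end of the hunk.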