X-Git-Url: https://git.auder.net/js/rpsls.js?a=blobdiff_plain;ds=sidebyside;f=server%2Froutes%2Fmessages.js;h=3f13db4df78f1eca36c1c951fac7d92f4b3924f7;hb=c5c47010b5b50edbdd6bfc40a61ce716c6114e5a;hp=cd93b9fe5e23dc34475108610b9abdec7fa936a7;hpb=dac395887d96e2d642b209c6db6aaacc3ffacb34;p=vchess.git

diff --git a/server/routes/messages.js b/server/routes/messages.js
index cd93b9fe..3f13db4d 100644
--- a/server/routes/messages.js
+++ b/server/routes/messages.js
@@ -9,10 +9,10 @@ router.post("/messages", (req,res,next) => {
   if (!req.xhr)
     return res.json({errmsg: "Unauthorized access"});
   const from = req.body["email"];
-  const subject = req.body["subject"];
+  // Replace potential newline characters in subject
+  const subject = req.body["subject"].replace(/\r?\n|\r/g, " ");
   const body = req.body["content"];
 
-  // TODO: sanitize ?
   mailer(from, params.mail.contact, subject, body, err => {
     if (!!err)
       return res.json({errmsg:err});