Fix possible Xscript exploit

Griatch · Griatch · commit da8df981cb91 · 2025-06-30T17:20:37.000+02:00
diff --git a/evennia/web/static/webclient/js/plugins/message_routing.js b/evennia/web/static/webclient/js/plugins/message_routing.js
@@ -52,8 +52,8 @@ let spawns = (function () {
     //
     // display a row with proper editting hooks
     var displayRow = function (formdiv, div, regexstring, tagstring) {
-	var regex = $('<input class="regex" type=text value="'+regexstring+'"/>');
-	var tag = $('<input class="tag" type=text value="'+tagstring+'"/>'); 
+	var regex = $.find('<input class="regex" type=text value="'+regexstring+'"/>');
+	var tag = $.find('<input class="tag" type=text value="'+tagstring+'"/>'); 
 	var del = $('<input class="delete-regex" type=button value="X"/>'); 
         regex.on('change', onAlterTag );
         regex.on('focusin', onFocusIn );
