diff --git a/titanembeds/static/js/embed.js b/titanembeds/static/js/embed.js
index 7162f74..5389daf 100644
--- a/titanembeds/static/js/embed.js
+++ b/titanembeds/static/js/embed.js
@@ -288,6 +288,20 @@ function handle_last_message_mention() {
}
}
+function escapeHtml(unsafe) { /* http://stackoverflow.com/questions/6234773/can-i-escape-html-special-chars-in-javascript */
+ return unsafe
+ .replace(/&/g, "&")
+ .replace(//g, ">")
+ .replace(/"/g, """)
+ .replace(/'/g, "'");
+ }
+
+function nl2br (str, is_xhtml) { /* http://stackoverflow.com/questions/2919337/jquery-convert-line-breaks-to-br-nl2br-equivalent/ */
+ var breakTag = (is_xhtml || typeof is_xhtml === 'undefined') ? '
' : '
';
+ return (str + '').replace(/([^>\r\n]?)(\r\n|\n\r|\r|\n)/g, '$1'+ breakTag +'$2');
+}
+
function fill_discord_messages(messages, jumpscroll) {
if (messages.length == 0) {
return last_message_id;
@@ -301,7 +315,7 @@ function fill_discord_messages(messages, jumpscroll) {
message = format_bot_message(message);
message = parse_message_time(message);
message = parse_message_attachments(message);
- var rendered = Mustache.render(template, {"id": message.id, "full_timestamp": message.formatted_timestamp, "time": message.formatted_time, "username": message.author.username, "discriminator": message.author.discriminator, "content": message.content});
+ var rendered = Mustache.render(template, {"id": message.id, "full_timestamp": message.formatted_timestamp, "time": message.formatted_time, "username": message.author.username, "discriminator": message.author.discriminator, "content": nl2br(escapeHtml(message.content))});
$("#chatcontent").append(rendered);
last = message.id;
handle_last_message_mention();
diff --git a/titanembeds/templates/embed.html.j2 b/titanembeds/templates/embed.html.j2
index 23961ab..c8cc983 100644
--- a/titanembeds/templates/embed.html.j2
+++ b/titanembeds/templates/embed.html.j2
@@ -121,7 +121,7 @@
{% endraw %}