From b1afa3e9a980a40f3dff77df3ff049a43e7637a1 Mon Sep 17 00:00:00 2001
From: Akif9748 <akif9748@gmail.com>
Date: Sun, 28 Aug 2022 17:14:05 +0300
Subject: [PATCH] Ratelimit fix + replace html content in messages

---
 public/js/thread.js | 2 +-
 routes/register.js  | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/public/js/thread.js b/public/js/thread.js
index e74013b..77d9e50 100644
--- a/public/js/thread.js
+++ b/public/js/thread.js
@@ -20,7 +20,7 @@ function renderMessage(message) {
         <a href="/users/${message.author.id}"> ${message.author.name}</a>:
     </h2>
 
-    <p>${message.content.replaceAll("\n", "<br>")}</p><br>
+    <p>${message.content.replaceAll("&", "&amp;").replaceAll("<", "&lt;").replaceAll(">", "&gt;").replaceAll("\"", "&quot;").replaceAll("'", "&#39;").replaceAll("\n", "<br>")}</p><br>
     <div id="message-delete-${message.id}">
     ${/* if */!message.deleted ?
             `
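Review bot: The escaping added on the `<p>` line covers only `message.content`, while `message.author.name` a few lines above is still interpolated into the same template unescaped. If display names are user-chosen (not visible in this hunk), the same HTML-injection path stays open through the author link. I would move the five-step `replaceAll` chain into one small `escapeHtml(value)` helper that coerces with `String(value)` first, then use it at both sites: `${escapeHtml(message.author.name)}` and `<p>${escapeHtml(message.content).replaceAll("\n", "<br>")}</p><br>`. A shared helper also keeps the `&`-first ordering in one place, so it cannot be reordered by accident in a later copy. `renderMessage` starts before and continues past this hunk, so other interpolations in it should get the same check.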
diff --git a/routes/register.js b/routes/register.js
index e18f78a..7d11d94 100644
--- a/routes/register.js
+++ b/routes/register.js
@@ -5,12 +5,12 @@ const rateLimit = require('express-rate-limit')
 
 const app = Router();
 
-app.get("/", (req, res) => res.reply("register", { user: null }));
-
-app.post("/", rateLimit({
+app.get("/", rateLimit({
     windowMs: 24 * 60 * 60_000, max: 1, standardHeaders: true, legacyHeaders: false,
     handler: (_r, response, _n, options) => response.error(options.statusCode, "You are begin ratelimited")
-}), async (req, res) => {
+}), (req, res) => res.reply("register", { user: null }));
+
+app.post("/", async (req, res) => {
     req.session.userid = null;