From 8481e3df5f794e7b15d6e45bc4b3e1e457b338b8 Mon Sep 17 00:00:00 2001
From: kalmare <kalmare01@gmail.com>
Date: Thu, 28 Dec 2017 18:17:39 +0900
Subject: [PATCH] Fixed Vulnerable of Cross Site Scripting

---
 website/static/miner_stats.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/website/static/miner_stats.js b/website/static/miner_stats.js
index e5047a5..36b53c3 100644
--- a/website/static/miner_stats.js
+++ b/website/static/miner_stats.js
@@ -178,7 +178,11 @@ function updateWorkerStats() {
 function addWorkerToDisplay(name, htmlSafeName, workerObj) {
 	var htmlToAdd = "";
 	htmlToAdd = '<div class="boxStats" id="boxStatsLeft" style="float:left; margin: 9px; min-width: 260px;"><div class="boxStatsList">';
-	htmlToAdd+='<div class="boxLowerHeader">'+name+'</div><div>';
+	if (htmlSafeName.indexOf("_") >= 0) {
+		htmlToAdd+= '<div class="boxLowerHeader">'+htmlSafeName.substr(htmlSafeName.indexOf("_")+1,htmlSafeName.length)+'</div>';
+	} else {
+		htmlToAdd+= '<div class="boxLowerHeader">noname</div>';
+	}
 	htmlToAdd+='<div><i class="fa fa-tachometer"></i> <span id="statsHashrate'+htmlSafeName+'">'+getReadableHashRateString(workerObj.hashrate)+'</span> (Now)</div>';
 	htmlToAdd+='<div><i class="fa fa-tachometer"></i> <span id="statsHashrateAvg'+htmlSafeName+'">'+getReadableHashRateString(calculateAverageHashrate(name))+'</span> (Avg)</div>';
 	htmlToAdd+='<div><i class="fa fa-shield"></i> <small>Diff:</small> <span id="statsDiff'+htmlSafeName+'">'+workerObj.diff+'</span></div>';