From cacea24aa6b540284f8697b9fd42afc34da25d70 Mon Sep 17 00:00:00 2001
From: Henry Hiles <henry@henryhiles.com>
Date: Mon, 28 Feb 2022 16:51:56 -0500
Subject: [PATCH] Added serverside check

---
 server.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server.js b/server.js
index f172683..19129be 100644
--- a/server.js
+++ b/server.js
@@ -31,7 +31,11 @@ app.get("/", (_, res) => {
 })
 
 app.post("/", (req, res) => {
-    if (!req.body.room.trim() || rooms[req.body.room]) {
+    if (
+        !req.body.room.trim() ||
+        !/^[-a-z0-9]+$/i.test(req.body.room) ||
+        rooms[req.body.room]
+    ) {
         return res.redirect("/")
     }
     rooms[req.body.room] = { users: {} }