From 0776d339090826ff52abb79498d9fd8788460865 Mon Sep 17 00:00:00 2001
From: Joe van der Zwet
Date: Fri, 16 Oct 2020 00:36:32 +1300
Subject: [PATCH] fix: prevent discord mention exploit
---
 app/imports/server/discord/sendWebhook.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/app/imports/server/discord/sendWebhook.js b/app/imports/server/discord/sendWebhook.js
index b88cae76..95eea823 100644
--- a/app/imports/server/discord/sendWebhook.js
+++ b/app/imports/server/discord/sendWebhook.js
@@ -4,6 +4,10 @@ export default function sendWebhook({webhookURL, message, options}){
 let urlArray = webhookURL.split('/');
 let token = urlArray.pop();
 let id = urlArray.pop();
+
+ // prevent discord mention exploit
+ options.allowedMentions = { parse: [] };
+
 const hook = new Discord.WebhookClient(id, token);
 // Send a message using the webhook
 hook.send(message, options)
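Review bot: The added `options.allowedMentions = { parse: [] };` throws a TypeError when a caller passes no `options`, because the destructured parameter has no default, so on that path the webhook is never sent. The assignment also mutates the caller's object. Building a copy, `const safeOptions = { ...options, allowedMentions: { parse: [] } };`, and calling `hook.send(message, safeOptions)` handles the missing case and keeps the mention restriction last, so caller-supplied options cannot widen it. Whether any caller omits `options` is not visible here, and the body of sendWebhook continues past the hunk.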