[mirotalksfu] - fix xss

public/views/login.html

@@ -51,6 +51,9 @@
 
         <script src="https://unpkg.com/animejs@3.0.1/lib/anime.min.js"></script>
         <script src="https://unpkg.com/scrollreveal@4.0.0/dist/scrollreveal.min.js"></script>
+
+        <!-- xss -->
+        <script src="https://rawgit.com/leizongmin/js-xss/master/dist/xss.js"></script>
     </head>
     <body class="is-boxed has-animations">
         <div class="body-wrap">
@@ -125,8 +128,8 @@
                                     };
 
                                     function login() {
-                                        let username = document.getElementById('username').value;
-                                        let password = document.getElementById('password').value;
+                                        const username = filterXSS(document.getElementById('username').value);
+                                        const password = filterXSS(document.getElementById('password').value);
 
                                         if (username && password) {
                                             window.location.href = `/login?username=${username}&password=${password}`;