chat xdd protection

michaljaz · michaljaz · commit 8e6ffa7d85d4 · 2021-02-28T15:17:03.000+01:00
diff --git a/src/client/scripts/Chat.js b/src/client/scripts/Chat.js
@@ -53,10 +53,9 @@ class Chat {
     }
 
     log(message) {
-        const replacements = [[/&/g, "&amp;"], [/</g, "&lt;"], [/>/g, "&gt;"], [/"/g, "&quot;"]];
-        for (const replacement of replacements)
-            message = message.replace(replacement[0], replacement[1]);
-        $(".chat").append(`<span>${message}<br></span>`);
+        let elem = document.createElement("div");
+        elem.innerHTML = message + "<br>";
+        this.chatDiv.append(elem);
         this.scrollToBottom(this.chatDiv);
     }
 
diff --git a/src/index.js b/src/index.js
@@ -75,6 +75,18 @@ io.sockets.on("connection", function (socket) {
         socket.emit("kicked", reason);
     });
     bot.on("message", function (msg) {
+        let message = msg.extra[0].text;
+
+        const replacements = [
+            [/&/g, "&amp;"],
+            [/</g, "&lt;"],
+            [/>/g, "&gt;"],
+            [/"/g, "&quot;"],
+        ];
+        for (const replacement of replacements)
+            message = message.replace(replacement[0], replacement[1]);
+        msg.extra[0].text = message;
+
         socket.emit("msg", convert.toHtml(msg.toAnsi()));
     });
     bot.on("experience", function () {

Original file line number	Diff line number	Diff line change
`@@ -53,10 +53,9 @@ class Chat {`
`53`	`53`	`}`
`54`	`54`
`55`	`55`	`log(message) {`
`56`		`- const replacements = [[/&/g, "&"], [/</g, "<"], [/>/g, ">"], [/"/g, """]];`
`57`		`- for (const replacement of replacements)`
`58`		`- message = message.replace(replacement[0], replacement[1]);`
`59`		- $(".chat").append(`<span>${message}<br></span>`);
	`56`	`+ let elem = document.createElement("div");`
	`57`	`+ elem.innerHTML = message + "<br>";`
	`58`	`+ this.chatDiv.append(elem);`
`60`	`59`	`this.scrollToBottom(this.chatDiv);`
`61`	`60`	`}`
`62`	`61`