0xjessel / calchat

CalChat is a web app that hosts chatrooms for every class and building on campus with the goal of connecting the Cal campus community. By logging in with Facebook, students can talk to fellow students in the same building or class, make friends, find study partners, and stay in the loop.
calchat.net

Sanitize input #47

Closed pingpongboss closed 12 years ago

pingpongboss commented 12 years ago

Right now if you send this message <img src="https://graph.facebook.com/1063320428/picture?type=square"></img> stuff gets really messed up

0xjessel commented 12 years ago

LOL we definitely need to or i can start inserting NSFW images and dirty XSS scripts to everyone online.

i.e. type this into the chat window

<script type='text/javascript'>alert('hax0r!!1')</script>

0xjessel commented 12 years ago

we should all join a chatroom and have some fun screwing up each other's calchat before fixing this (change background to some naughty pics)

0xjessel commented 12 years ago

everyone join the POOL chatroom, that's where the party at.

http://calchat.net:3000/chat/POOL

pingpongboss commented 12 years ago

Lol one of the "features" of linkify is that it fucks up the tags so u can't display pics. @ ping pong

0xjessel commented 12 years ago

um i think i just broke POOL. text input doesn't work anymore lol

pingpongboss commented 12 years ago

I'm guessing renderChatlog -> renderChatMessage is breaking since some old messages are rendered. I do enable #message when all lines are rendered. I think.
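
An added example, not part of the thread and not CalChat's own code: one way to close the hole discussed in this issue is to HTML-encode message text at render time and build links from the raw text, so a chat message never reaches the page as markup. The function names `escapeHtml` and `renderMessageHtml` are hypothetical; the sample messages in the test are the two posted above.

```javascript
// Added example; names are hypothetical, not taken from the CalChat code base.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode every character that can open a tag, an attribute value or an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the HTML for one chat message.
// Links are detected on the RAW text, and each piece (plain text, href,
// link label) is encoded separately. Encoding first and linkifying afterwards
// would let the link pass mangle or double-encode the entities.
function renderMessageHtml(rawText) {
  const text = String(rawText);
  // Only http(s) URLs become links; quotes and angle brackets end the URL.
  const urlPattern = /https?:\/\/[^\s<>"']+/g;
  let html = '';
  let last = 0;
  for (const match of text.matchAll(urlPattern)) {
    html += escapeHtml(text.slice(last, match.index));
    const url = escapeHtml(match[0]);
    html += `<a href="${url}" rel="noopener noreferrer">${url}</a>`;
    last = match.index + match[0].length;
  }
  return html + escapeHtml(text.slice(last));
}
```

Messages already stored in the chat log need the same encoding when they are replayed on join, otherwise old payloads keep firing after the fix ships.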