Comments (4)
Not an XSS issue because it only affects the client side (apart from sending HTML tags, I think);
Correction: Chat does not escape characters, but reduces its risk by deleting illegal characters before they can realistically be submitted, though some users are fast-fingered enough to submit them when copy-pasting.
I've already escaped symbols like quotes for database writes (to avoid errors), so this is easy to solve. Eventually, I want to rewrite elements of the chat system so that there are no "forbidden characters"; free input.
from awtysm.
also the link you sent isn't a solution for the HTML input event; it's for escaping characters from files/URLs
from awtysm.
working on a solution with this: https://stackoverflow.com/questions/6234773/can-i-escape-html-special-chars-in-javascript
from awtysm.
fixed and supports all input
from awtysm.
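The approach the thread converges on (escaping HTML-significant characters rather than deleting "forbidden" ones, so that any input can be accepted) looks like the following in JavaScript. This is an added example, not code from the project in the issue; the function names `escapeHtml`, `isBlank` and `renderChatLine` and the sample messages are assumptions made for illustration.

```javascript
// Map of the five characters that change meaning inside HTML text or attributes.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Replace every HTML-significant character with its entity so the browser
// renders the message as text. Ampersand is in the set so that a message that
// already contains "&lt;" is shown literally instead of being decoded.
function escapeHtml(message) {
  return String(message).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// A message made only of whitespace carries no content; the client can refuse
// to send it and the server can refuse to broadcast it.
function isBlank(message) {
  return String(message).trim().length === 0;
}

// Build the HTML for one chat line. Both the username and the message are
// user-controlled, so both go through escapeHtml; only the fixed template
// contributes markup.
function renderChatLine(username, message) {
  return `<li><b>${escapeHtml(username)}</b>: ${escapeHtml(message)}</li>`;
}

// Constructed sample input: a message that would otherwise inject a tag.
const sampleLine = renderChatLine("alice", '<b>"hi"</b> & \'bye\'');
console.log(sampleLine);
```

Escaping is only needed when a message is spliced into an HTML string that is later assigned to `innerHTML`. If the chat line is built with DOM calls instead (`document.createElement("li")` and setting `textContent`), the text is never parsed as markup and no escaping step is required; either way, the database layer should quote values through parameterised queries rather than by stripping characters.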
Related Issues (20)
- Upon loading session.html, a message, "undefined" is displayed. HOT 3
- Message is sent on session.html when logo is pressed HOT 2
- html and javascript can be sent and are rendered in the chat (also javascript) HOT 3
- If the message is empty, but there are spaces, the message still gets sent HOT 1
- Remove anonymity from chat; use users' usernames to indicate identity HOT 2
- Add background photo to menu.html
- show message when user connects to chat HOT 1
- change name of 'Topics' dropdown (find something more fitting) HOT 1
- username's Dashboard text merges vertically on mobile view
- log messages (by storing them in a sql table) HOT 2
- Write a web service that transfers logged messages over to some kind of storage server when capacity becomes a problem HOT 2
- Draw out application architecture and paste in README HOT 1
- In session.html, any data wrapped with, or containing single quotes, causes a database error (though the database remains open and logs them)
- after first issue is closed; find a way to support all input characters without any bugs/vulnerabilities HOT 2
- Add user identity to User Connected message HOT 1
- Implement TLS/SSL (https and wss) HOT 1
- Prepare for deployment by implementing an nginx proxy or something of the sorts. HOT 1
- Add direct messages/direct messaging system
- Port application to mobile/adjust UI for mobile aspect ratios HOT 2