KevinMidboe/zoff
1
0
Fork 0
mirror of https://github.com/KevinMidboe/zoff.git synced 2025-10-29 18:00:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #498 from zoff-music/fix/xss-local

Browse Source 
Fix for issue #496 and #497
This commit is contained in:
Kasper Rynning-Tønnesen
2019-03-22 18:02:29 +01:00
committed by GitHub
parent e2b2801728 4fab433f61
commit 54c7009fda
2 changed files with 27 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/handlers/chat.js
View File

@@ -384,7 +384,7 @@ function namechange(data, guid, socket, tried, callback) {
function removename(guid, coll, socket) {
//coll = coll.replace(/ /g,'');
checkIfChatEnabled(coll, socket, function(enabled) {
if(enabled) return;
if(!enabled) return;
db.collection("user_names").find({"guid": guid}, function(err, docs) {
if(docs.length == 1) {
var old_name = docs[0].name;

33
server/public/assets/js/chat.js
View File

@@ -79,7 +79,6 @@ var Chat = {
var time = Helper.pad(_time.getHours()) + ":" + Helper.pad(_time.getMinutes());
color = Helper.hexToRgb(color.substring(0,6));
var color_temp = Helper.rgbToHsl([color.r, color.g, color.b], false);
document.querySelector("#" + add).insertAdjacentHTML("beforeend", "<li title='Zoff''><span class='time_color'>" + time + "</span> <img class='chat-icon' src='https://zoff.me/assets/images/favicon-32x32.png' alt='System'><span style='color:" + color_temp + ";'>System</span>: </li>");
var in_text = document.createTextNode(help[x]);
document.querySelector("#" + add).children[document.querySelector("#" + add).children.length - 1].appendChild(in_text);
@@ -96,6 +95,22 @@ var Chat = {
return;
},
createChatElement: function(allchat, channel, time, icon, color, from, message) {
var liElement = document.createElement("li");
liElement.innerHTML += "<span class='time_color'>" + time + "</span> " + icon;
var nameElement = document.createElement("span");
nameElement.innerText = from;
nameElement.style.color = color;
liElement.appendChild(nameElement);
if(allchat) {
liElement.title = channel;
liElement.innerHTML += "<span class='channel-info-all-chat'> " + channel + "</span>";
}
var in_text = document.createTextNode(message);
liElement.appendChild(in_text);
return liElement;
},
allchat: function(inp, time_sent, disable_blink) {
if(inp.msg.substring(0,1) == ":" && !chat_active && !disable_blink) {
Chat.all_received += 1;
@@ -132,9 +147,9 @@ var Chat = {
_time = new Date(time_sent);
}
var time = Helper.pad(_time.getHours()) + ":" + Helper.pad(_time.getMinutes());
document.querySelector("#chatall").insertAdjacentHTML("beforeend", "<li title='"+Helper.decodeChannelName(inp.channel)+"'><span class='time_color'>" + time + "</span> " + icon_add + "<span style='color:"+color_temp+";'>"+inp.from+"</span><span class='channel-info-all-chat'> " + Helper.decodeChannelName(inp.channel) + "</span></li>");
var in_text = document.createTextNode(inp.msg);
document.querySelector("#chatall").children[document.querySelector("#chatall").children.length - 1].appendChild(in_text);
var element = Chat.createChatElement(true, Helper.decodeChannelName(inp.channel), time, icon_add, color_temp, inp.from, inp.msg);
//document.querySelector("#chatall").insertAdjacentHTML("beforeend", element);
document.querySelector("#chatall").appendChild(element);
if(!userscroll) {
programscroll = true;
document.getElementById("chatall").scrollTop = document.getElementById("chatall").scrollHeight;
@@ -176,9 +191,13 @@ var Chat = {
_time = new Date(time_sent);
}
var time = Helper.pad(_time.getHours()) + ":" + Helper.pad(_time.getMinutes());
document.querySelector("#chatchannel").insertAdjacentHTML("beforeend", "<li><span class='time_color'>" + time + "</span> " + icon_add + "<span style='color:"+color_temp+";'>"+data.from+"</span></li>");
var in_text = document.createTextNode(data.msg);
document.querySelector("#chatchannel").children[document.querySelector("#chatchannel").children.length - 1].appendChild(in_text);
//document.querySelector("#chatchannel").insertAdjacentHTML("beforeend", "<li><span class='time_color'>" + time + "</span> " + icon_add + "<span style='color:"+color_temp+";'>"+data.from+"</span></li>");
//var in_text = document.createTextNode(data.msg);
//document.querySelector("#chatchannel").children[document.querySelector("#chatchannel").children.length - 1].appendChild(in_text);
var element = Chat.createChatElement(false, null, time, icon_add, color_temp, data.from, data.msg);
//document.querySelector("#chatall").insertAdjacentHTML("beforeend", element);
document.querySelector("#chatchannel").appendChild(element);
if(!userscroll) {
programscroll = true;
document.getElementById("chatchannel").scrollTop = document.getElementById("chatchannel").scrollHeight;