author | Marvin Borner | 2019-02-26 21:35:19 +0100 |
committer | Marvin Borner | 2019-02-26 21:35:19 +0100 |
commit | c2f243a467349f9417d081bb732562b15fcb7890 (patch) | |
tree | bf7add0e77a7f077e5526b5882d1b2b194c7c6a6 /public | |
parent | a17485261bcc89e8c5cf5d7b62c06494c0781a7a (diff) |
Added some input sanitizing
Diffstat (limited to 'public')
-rw-r--r-- | public/scripts/chat.js | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/public/scripts/chat.js b/public/scripts/chat.js
index 65e1a98..12cceae 100644
--- a/public/scripts/chat.js
+++ b/public/scripts/chat.js
@@ -271,7 +271,7 @@ function chat() {
 async function receivedMessage(message, self = false) {
 if (self) {
 $('#messages')
- .append(`<span style="color: green">${message}</span><br>`);
+ .append(`<span style="color: green">${sanitizeText(message)}</span><br>`);
 await encryption.storeMessage(connectedPeers[currentPeerIndex].peer, message, true);
 } else if (message.type === 'text') {
 await encryption.storeMessage(connectedPeers[currentPeerIndex].peer, message.data);
@@ -280,14 +280,14 @@ function chat() {
 await encryption.getPeerPublicKey(connectedPeers[currentPeerIndex].peer),
 )
 .then(plaintext => $('#messages')
- .append(`<span>${plaintext}</span><br>`));
+ .append(`<span>${sanitizeText(plaintext)}</span><br>`));
 } else if (message.type === 'decrypted') {
 if (message.self) {
 $('#messages')
- .append(`<span style="color: green">${message.message} - ${message.time}</span><br>`);
+ .append(`<span style="color: green">${sanitizeText(message.message)} - ${message.time}</span><br>`);
 } else {
 $('#messages')
- .append(`<span>${message.message} - ${message.time}</span><br>`);
+ .append(`<span>${sanitizeText(message.message)} - ${message.time}</span><br>`);
 }
 } else if (message.type === 'file') {
 await processFile(message);
@@ -305,7 +305,10 @@ function chat() {
 */
 async function sendMessageFromInput() {
 const messageInput = $('#message');
- await sendMessage(messageInput.val());
+ if (messageInput.val()
+ .replace(/\s/g, '') !== '') {
+ await sendMessage(messageInput.val());
+ }
 messageInput.val('');
 }
 
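Review bot: The escaping on the `+` line of the `self` branch covers only `<` and `>` (that is all the `sanitizeText` added later in this commit does), so an `&` in `message` reaches the browser as the start of an entity and a sender typing `&lt;b&gt;` gets a literal `<b>` rendered; that is content spoofing rather than script execution, but it is the gap the new escaper leaves even in text context. Storing the raw `message` via `encryption.storeMessage` on the next line and escaping only at render time is the right split and should stay. The simplest way to close the gap is to build the node instead of HTML, `$('#messages').append($('<span>', { style: 'color: green', text: message }), '<br>');`, which needs no escaper at all. `receivedMessage` starts inside this hunk but its body continues past it.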
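Review bot: In both `decrypted` branches `${message.time}` is still interpolated into the markup unescaped while the neighbouring `message.message` now goes through `sanitizeText`; I cannot see where `time` is set, but if it can arrive as a string from the stored message rather than a number produced locally, it is an injection point this change leaves open. The cheapest fix is to treat it like the message, `${sanitizeText(String(message.time))}`, or to build the span with `.text()` so no escaping is needed. Escaping `plaintext` inside the `.then` callback is correct, since decrypted content is peer-controlled. The enclosing function and the expression whose closing `)` appears at the top both begin outside this hunk.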
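Review bot: The new guard in `sendMessageFromInput` reads `messageInput.val()` twice and tests for blank input by stripping every whitespace character, which is `.trim() !== ''` spelled longhand; reading the value once also guarantees the string sent is exactly the one that was checked: `const text = messageInput.val(); if (text.trim() !== '') { await sendMessage(text); }`. Clearing the input on the last context line regardless of whether anything was sent matches the previous behaviour and is fine. The whole function lies inside this hunk.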
@@ -347,7 +350,7 @@ function chat() {
 // REMEMBER: Use 'self' instead of 'true' when encrypting files! => TODO: Fix 'self' in files
 await encryption.storeMessage(connectedPeers[currentPeerIndex].peer, fileName, true); // TODO: Store files
 $('#messages')
- .append(`<a href="${blobUrl}" download="${file.info.name}">${fileName}</a><br>`);
+ .append(`<a href="${blobUrl}" download="${sanitizeText(file.info.name)}">${sanitizeText(fileName)}</a><br>`);
 // TODO: Show file preview
 }
 
@@ -364,6 +367,16 @@ function chat() {
 }
 
 /**
+ * Sanitizes a given string to prevent html/sql/... injection
+ * @param text
+ * @returns {string}
+ */
+ function sanitizeText(text) {
+ return text.replace(/</g, '<')
+ .replace(/>/g, '>');
+ }
+
+ /**
 * Shows warning modal and deletes account
 */
 function deleteAccount() {
@@ -408,10 +421,12 @@ function chat() {
 });
 $('[data-peer]')
 .removeClass('is-success');
- $(`[data-peer="${connectedPeers[currentPeerIndex].peer}"]`)
- .addClass('is-success');
+ if (connectedPeers[currentPeerIndex] !== undefined) {
+ $(`[data-peer="${connectedPeers[currentPeerIndex].peer}"]`)
+ .addClass('is-success');
+ }
 } catch (err) {
- console.error('You don\'t have any friends (yet).');
+ console.error(err);
 }
 console.log('[LOG] Refreshed contact list');
 }
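Review bot: `download="${sanitizeText(file.info.name)}"` on the `+` line puts a peer-chosen file name inside a double-quoted attribute, but the `sanitizeText` added in this commit does not escape `"`, so a name containing `"` terminates the attribute and whatever follows is parsed as further attributes of the `<a>` (an event handler, for instance); escaping `<`/`>` is the wrong tool for attribute context. Build the element instead, `$('#messages').append($('<a>', { href: blobUrl, download: file.info.name, text: fileName }), '<br>');`, which also covers `blobUrl` and `fileName` without any escaper. I cannot see where `blobUrl` is created; if it comes from `URL.createObjectURL` its raw interpolation is harmless, but the element-building form removes the question. The enclosing function and the assignment of `fileName` are outside this hunk.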
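Review bot: `sanitizeText` is not a sufficient HTML escaper: it never touches `&`, `"` or `'`, so it is only usable for text nodes and even there lets `&`-entities through, while the docstring on the first `+` line promises protection against "html/sql/..." injection that the function does not provide (nothing here touches SQL, and replacing `<`/`>` does nothing for a query). As rendered on this page the replacement strings are `'<'` and `'>'`, which would make the function a no-op; that is presumably `&lt;`/`&gt;` decoded by the page rendering, but it is worth confirming against the file. It also throws when `text` is not a string, and nothing visible guarantees `message.message` in the callers is one. Escape `&` first, cover the quote characters, coerce to string, and narrow the docstring to what the function actually does; the function is entirely inside this hunk and the rewrite is below.
```javascript
/**
 * Escapes the characters that are special in HTML so `text` can be
 * interpolated into element content or a double-quoted attribute value.
 * This defends against HTML injection only; it is not an SQL or shell escaper.
 * @param {*} text value to escape; non-strings are coerced with String()
 * @returns {string} the escaped text
 */
function sanitizeText(text) {
  return String(text)
    .replace(/&/g, '&amp;') // first, so the entities added below are not re-escaped
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}
```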
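Review bot: The peer identifier interpolated into the attribute selector `[data-peer="${connectedPeers[currentPeerIndex].peer}"]` on the `+` line is not escaped for selector syntax, so an id containing `"` or `]` either matches nothing or makes jQuery throw a selector error, which the `catch` below now surfaces through `console.error(err)` instead of the old fixed message. Match on the attribute value rather than building a selector: inside the new `if`, `const peer = String(connectedPeers[currentPeerIndex].peer);` followed by `$('[data-peer]').filter(function () { return $(this).attr('data-peer') === peer; }).addClass('is-success');`. The `!== undefined` guard is a sensible addition and also covers an out-of-range `currentPeerIndex`. Where peer ids originate and the start of the enclosing function are outside this hunk.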