From 408f6626bb4f81605d5bcc5b0dcef217a5ff2158 Mon Sep 17 00:00:00 2001
From: calzoneman
Date: Thu, 12 Sep 2013 13:03:04 -0500
Subject: [PATCH] Fix behavior of chat filter XSS
---
 changelog | 4 ++++
 lib/channel.js | 5 +++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/changelog b/changelog
index f6cdde08..57571d0e 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,7 @@
+Thu Sep 12 13:01 2013 CDT
+ * lib/channel.js: Fix the XSS filter hack that allows style attributes
+ to allow more than one in a chat filter replacement
+
 Wed Sep 11 22:13 2013 CDT
 * lib/channel.js, lib/user.js: Remove "afkers" array, replace afkcount with a function that calculates how many users are eligible to
diff --git a/lib/channel.js b/lib/channel.js
index f61e752d..95157126 100644
--- a/lib/channel.js
+++ b/lib/channel.js
@@ -1853,9 +1853,10 @@ Channel.prototype.tryUpdateFilter = function(user, f) {
 var re = f.source;
 var flags = f.flags;
 // Temporary fix
- f.replace = f.replace.replace("style", "stlye");
+ // 2013-09-12 Temporary my ass
+ f.replace = f.replace.replace(/style/g, "stlye");
 f.replace = sanitize(f.replace).xss();
- f.replace = f.replace.replace("stlye", "style");
+ f.replace = f.replace.replace(/stlye/g, "style");
 try {
 new RegExp(re, flags);
 }
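Review bot: The mask-and-restore around `sanitize(f.replace).xss()` in `tryUpdateFilter` means the sanitizer never evaluates anything spelled `style`, and with the new `/g` flags that now holds for every occurrence, so `<style>` elements and the CSS inside style attributes end up in the chat filter replacement unchecked. The restore step also rewrites any literal `stlye` the user typed, so the final string is not the one the sanitizer approved. If inline styling has to stay, narrow the mask to the attribute form, e.g. `f.replace = f.replace.replace(/\bstyle\s*=/g, "stlye=");` with a matching restore, and validate the attribute value against an allowlist of CSS properties after the restore; longer term, an allowlist-based HTML sanitizer that permits `style` explicitly removes the need for the swap. The function body starts and ends outside the hunk, so whether `f.replace` is checked to be a string before these calls is not visible here.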