moon
/
sync
mirror of https://github.com/calzoneman/sync.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix behavior of chat filter XSS

This commit is contained in:
calzoneman 2013-09-12 13:03:04 -05:00
parent 9d445b8ffd
commit 408f6626bb
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changelog
View File

@ -1,3 +1,7 @@
Thu Sep 12 13:01 2013 CDT
* lib/channel.js: Fix the XSS filter hack that allows style attributes
to allow more than one in a chat filter replacement
Wed Sep 11 22:13 2013 CDT Wed Sep 11 22:13 2013 CDT
* lib/channel.js, lib/user.js: Remove "afkers" array, replace afkcount * lib/channel.js, lib/user.js: Remove "afkers" array, replace afkcount
with a function that calculates how many users are eligible to with a function that calculates how many users are eligible to

5
lib/channel.js
View File

@ -1853,9 +1853,10 @@ Channel.prototype.tryUpdateFilter = function(user, f) {
var re = f.source; var re = f.source;
var flags = f.flags; var flags = f.flags;
// Temporary fix // Temporary fix
f.replace = f.replace.replace("style", "stlye"); // 2013-09-12 Temporary my ass
f.replace = f.replace.replace(/style/g, "stlye");
f.replace = sanitize(f.replace).xss(); f.replace = sanitize(f.replace).xss();
f.replace = f.replace.replace("stlye", "style"); f.replace = f.replace.replace(/stlye/g, "style");
try { try {
new RegExp(re, flags); new RegExp(re, flags);
} }