Change sanitize-html back to the upstream module

NEWS.md

@@ -1,3 +1,14 @@
+2017-03-03
+==========
+
+The dependency on `sanitize-html`, which previously pointed to a fork, has now
+been switched back to the upstream module.  XSS filtering has been turned off
+for the chat filter replacement itself (since this provides no additional
+security), and is now only run on the final chat message after filtering.
+Certain chat filters and MOTDs which relied on syntactically incorrect HTML,
+such as unclosed tags, may have different behavior now, since `sanitize-html`
+fixes these.
+
 2016-11-02
 ==========
 

package.json

@@ -2,7 +2,7 @@
   "author": "Calvin Montgomery",
   "name": "CyTube",
   "description": "Online media synchronizer and chat",
-  "version": "3.30.4",
+  "version": "3.31.0",
   "repository": {
     "url": "http://github.com/calzoneman/sync"
   },
@@ -38,7 +38,7 @@
     "pug": "^2.0.0-beta3",
     "q": "^1.4.1",
     "redis": "^2.4.2",
-    "sanitize-html": "git://github.com/calzoneman/sanitize-html",
+    "sanitize-html": "^1.14.1",
     "serve-static": "^1.10.0",
     "socket.io": "^1.4.0",
     "socket.io-redis": "^1.0.0",

src/channel/filters.js

@@ -1,6 +1,5 @@
 var FilterList = require("cytubefilters");
 var ChannelModule = require("./module");
-var XSS = require("../xss");
 var Logger = require("../logger");
 
 /*
@@ -22,7 +21,6 @@ function validateFilter(f) {
     }
 
     f.replace = fixReplace(f.replace.substring(0, 1000));
-    f.replace = XSS.sanitizeHTML(f.replace);
     f.flags = f.flags.substring(0, 4);
 
     try {