authorsD <stoned@derpymail.org>2019-12-21 19:38:40 +0100
committersD <stoned@derpymail.org>2019-12-21 19:38:40 +0100
commit274b4bf10b4451336f739a2bedc8b9f503a9e00c (patch)
treebcea748675e155f6487f8c155894bef600ec2218 /webAO/client.js
parent5dfe268a6dd39f3578ebebbde177589a89f028c2 (diff)
replace escape with something that only deals with html
Diffstat (limited to 'webAO/client.js')
-rw-r--r--webAO/client.js42
1 files changed, 23 insertions, 19 deletions
diff --git a/webAO/client.js b/webAO/client.js
index ed28819..dede895 100644
--- a/webAO/client.js
+++ b/webAO/client.js
@@ -55,6 +55,10 @@ console.info(`Your emulated HDID is ${hdid}`);
let lastICMessageTime = new Date(0);
+function safe_tags(str) {
+ return str.replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;') ;
+}
+
class Client extends EventEmitter {
constructor(address) {
super();
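Review bot: `safe_tags` escapes only `&`, `<` and `>`, so its output is safe as element text but not inside a quoted attribute, and unlike `escape()` it throws a TypeError when `str` is not a string. The second case matters for `safe_tags(cini.options.showname)` and `safe_tags(cini.options.gender)` in the `this.chars[charid]` hunk if the merged options ever lack either key. I would coerce the input and cover quotes: `return String(str).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(/"/g,'&quot;').replace(/'/g,'&#39;');`. A one-line comment such as `// HTML-escape for element text and quoted attributes; not a URL encoder` would also discourage reusing it for paths.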
@@ -428,14 +432,14 @@ class Client extends EventEmitter {
}
const chatmsg = {
- preanim: escape(args[2]).toLowerCase(), // get preanim
+ preanim: safe_tags(args[2]).toLowerCase(), // get preanim
nameplate: msg_nameplate, // TODO: there's a new feature that let's people choose the name that's displayed
name: args[3].toLowerCase(),
- speaking: "(b)" + escape(args[4]).toLowerCase(),
- silent: "(a)" + escape(args[4]).toLowerCase(),
+ speaking: "(b)" + safe_tags(args[4]).toLowerCase(),
+ silent: "(a)" + safe_tags(args[4]).toLowerCase(),
content: this.prepChat(args[5]), // Escape HTML tags
side: args[6].toLowerCase(),
- sound: escape(args[7]).toLowerCase(),
+ sound: safe_tags(args[7]).toLowerCase(),
blips: msg_blips,
type: args[8],
charid: args[9],
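Review bot: `name: args[3].toLowerCase()` and `side: args[6].toLowerCase()` are still stored raw while the neighbouring packet fields now go through `safe_tags`. Where these fields are consumed is outside this hunk, so I can't tell whether either reaches an HTML sink; if they only feed asset URLs they need URL encoding rather than HTML escaping. Either way, a short comment on the `chatmsg` literal stating which fields are HTML-escaped and which are raw would keep later consumers from guessing. The enclosing handler starts and ends outside the hunk.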
@@ -510,14 +514,14 @@ class Client extends EventEmitter {
*/
async handleCharacterInfo(chargs, charid) {
let cini = {};
- let icon = AO_HOST + "characters/" + escape(chargs[0]).toLowerCase() + "/char_icon.png";
+ let icon = AO_HOST + "characters/" + safe_tags(chargs[0]).toLowerCase() + "/char_icon.png";
let img = document.getElementById(`demo_${charid}`);
img.alt = chargs[0];
img.src = icon; // seems like a good time to load the icon
// If the ini doesn't exist on the server this will throw an error
try {
- const cinidata = await request(AO_HOST + "characters/" + escape(chargs[0]).toLowerCase() + "/char.ini");
+ const cinidata = await request(AO_HOST + "characters/" + safe_tags(chargs[0]).toLowerCase() + "/char.ini");
cini = INI.parse(cinidata);
} catch(err) {
cini = {};
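Review bot: `safe_tags(chargs[0])` is used here to build URL paths for `img.src` and `request(...)`, but HTML entity escaping is the wrong encoding for that context. Unlike the old `escape()`, it leaves spaces, `?`, `#` and `%` untouched, and it turns `&` in a folder name into the literal text `&amp;`, so the request targets a different path. For a path segment I would use `encodeURIComponent(chargs[0].toLowerCase())` on both lines and keep `safe_tags` for values that are written into HTML. The same pattern appears in the evidence `icon:` line, the `bg_preview` `.src` in `handleBN` and the `sfxaudio.src` line in `Viewport`. `handleCharacterInfo` continues outside this hunk.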
@@ -535,10 +539,10 @@ class Client extends EventEmitter {
cini.options = Object.assign(default_options, cini.options);
this.chars[charid] = {
- name: escape(chargs[0]),
- showname: escape(cini.options.showname),
- desc: escape(chargs[1]),
- gender: escape(cini.options.gender).toLowerCase(),
+ name: safe_tags(chargs[0]),
+ showname: safe_tags(cini.options.showname),
+ desc: safe_tags(chargs[1]),
+ gender: safe_tags(cini.options.gender).toLowerCase(),
evidence: chargs[3],
icon: icon,
inifile: cini
@@ -607,8 +611,8 @@ class Client extends EventEmitter {
this.evidences[i - 1] = {
name: decodeChat(unescapeChat(arg[0])),
desc: decodeChat(unescapeChat(arg[1])),
- filename: escape(arg[2]),
- icon: AO_HOST + "evidence/" + escape(arg[2].toLowerCase())
+ filename: safe_tags(arg[2]),
+ icon: AO_HOST + "evidence/" + safe_tags(arg[2].toLowerCase())
};
}
@@ -703,7 +707,7 @@ class Client extends EventEmitter {
*/
handleKK(args) {
document.getElementById("client_loading").style.display = "flex";
- document.getElementById("client_loadingtext").innerHTML = "Kicked: " + escape(args[1]);
+ document.getElementById("client_loadingtext").innerHTML = "Kicked: " + safe_tags(args[1]);
}
/**
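Review bot: In `handleKK` the server-supplied reason is still written through `innerHTML`, so the page stays safe only as long as `safe_tags` is complete and nobody drops the call. Since the message is plain text, assigning it as text removes the need to escape at all: `document.getElementById("client_loadingtext").textContent = "Kicked: " + args[1];`. The same change applies to `handleKB` and `handleBD` in the next two hunks.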
@@ -713,7 +717,7 @@ class Client extends EventEmitter {
*/
handleKB(args) {
document.getElementById("client_loading").style.display = "flex";
- document.getElementById("client_loadingtext").innerHTML = "You got banned: " + escape(args[1]);
+ document.getElementById("client_loadingtext").innerHTML = "You got banned: " + safe_tags(args[1]);
}
/**
@@ -723,7 +727,7 @@ class Client extends EventEmitter {
*/
handleBD(args) {
document.getElementById("client_loading").style.display = "flex";
- document.getElementById("client_loadingtext").innerHTML = "Banned: " + escape(args[1]);
+ document.getElementById("client_loadingtext").innerHTML = "Banned: " + safe_tags(args[1]);
}
/**
@@ -746,14 +750,14 @@ class Client extends EventEmitter {
* @param {Array} args packet arguments
*/
handleBN(args) {
- viewport.bgname = escape(args[1]);
- const bg_index = getIndexFromSelect("bg_select", escape(args[1]));
+ viewport.bgname = safe_tags(args[1]);
+ const bg_index = getIndexFromSelect("bg_select", safe_tags(args[1]));
document.getElementById("bg_select").selectedIndex = bg_index;
updateBackgroundPreview();
if (bg_index === 0) {
document.getElementById("bg_filename").value = args[1];
}
- document.getElementById("bg_preview").src = AO_HOST + "background/" + escape(args[1].toLowerCase()) + "/defenseempty.png";
+ document.getElementById("bg_preview").src = AO_HOST + "background/" + safe_tags(args[1].toLowerCase()) + "/defenseempty.png";
if (this.charID === -1) {
changeBackground("jud");
} else {
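Review bot: `getIndexFromSelect("bg_select", safe_tags(args[1]))` looks up the HTML-escaped name, while the DOM normally exposes option values and text in decoded form. A background whose name contains `&`, `<` or `>` would then presumably never match, although `getIndexFromSelect` is not visible here. If it compares against option values, pass the raw string: `const bg_index = getIndexFromSelect("bg_select", args[1]);`. `viewport.bgname` is also stored escaped; if it is later used to build image URLs it should hold the raw name and be encoded at the point of use. `handleBN` continues past the end of the hunk.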
@@ -1325,7 +1329,7 @@ class Viewport {
this.sfxaudio.pause();
this.sfxplayed = 1;
if (this.chatmsg.sound !== "0" && this.chatmsg.sound !== "1") {
- this.sfxaudio.src = AO_HOST + "sounds/general/" + escape(this.chatmsg.sound.toLowerCase()) + ".wav";
+ this.sfxaudio.src = AO_HOST + "sounds/general/" + safe_tags(this.chatmsg.sound.toLowerCase()) + ".wav";
this.sfxaudio.play();
}
}
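Review bot: `this.chatmsg.sound` appears to be the field already passed through `safe_tags` when `chatmsg` is built in the message handler, so escaping it again here turns an `&` into `&amp;amp;` in the request path. The value goes into a URL, so I would store the raw sound name in `chatmsg` and encode once at this sink: `this.sfxaudio.src = AO_HOST + "sounds/general/" + encodeURIComponent(this.chatmsg.sound.toLowerCase()) + ".wav";`. The enclosing `Viewport` method starts outside the hunk, so I can't confirm that nothing else rewrites `chatmsg.sound` in between.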