real_tabasco_sauce/0ad
1
0
Fork 0
forked from 0ad/0ad
Code Pull Requests Actions Activity

Properly escape user chat.

Browse Source 
This was SVN commit r16291.
This commit is contained in:
leper 2015-02-08 01:24:23 +00:00
parent 37912c05ca
commit 486094298e
2 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
binaries/data/mods/public/gui/common/functions_utility.js
View File

@ -71,18 +71,16 @@ function sortNameIgnoreCase(x, y)
// ==================================================================== // ====================================================================
// Escape text tags and whitespace, so users can't use special formatting in their chats /**
// Limit string length to 256 characters * Escape tag start and escape characters, so users cannot use special formatting.
* Also limit string length to 256 characters (not counting escape characters).
*/
function escapeText(text) function escapeText(text)
{ {
if (!text) if (!text)
return text; return text;
var out = text.replace(/[\[\]]+/g,""); return text.substr(0, 255).replace(/\\/g, "\\\\").replace(/\[/g, "\\[");
out = out.replace(/\s+/g, " ");
return out.substr(0, 255);
} }
// ==================================================================== // ====================================================================

2
binaries/data/mods/public/gui/session/messages.js
View File

@ -506,7 +506,7 @@ function addChatMessage(msg, playerAssignments)
var message; var message;
if ("translate" in msg && msg.translate) if ("translate" in msg && msg.translate)
{ {
message = translate(msg.text); // No need to escape, not a use message. message = translate(msg.text); // No need to escape, not a user message.
if ("translateParameters" in msg && msg.translateParameters) if ("translateParameters" in msg && msg.translateParameters)
{ {
var parameters = msg.parameters || {}; var parameters = msg.parameters || {};