forked from 0ad/0ad
Properly escape user chat.
This was SVN commit r16291.
This commit is contained in:
parent
37912c05ca
commit
486094298e
@ -71,18 +71,16 @@ function sortNameIgnoreCase(x, y)
|
|||||||
|
|
||||||
// ====================================================================
|
// ====================================================================
|
||||||
|
|
||||||
// Escape text tags and whitespace, so users can't use special formatting in their chats
|
/**
|
||||||
// Limit string length to 256 characters
|
* Escape tag start and escape characters, so users cannot use special formatting.
|
||||||
|
* Also limit string length to 256 characters (not counting escape characters).
|
||||||
|
*/
|
||||||
function escapeText(text)
|
function escapeText(text)
|
||||||
{
|
{
|
||||||
if (!text)
|
if (!text)
|
||||||
return text;
|
return text;
|
||||||
|
|
||||||
var out = text.replace(/[\[\]]+/g,"");
|
return text.substr(0, 255).replace(/\\/g, "\\\\").replace(/\[/g, "\\[");
|
||||||
out = out.replace(/\s+/g, " ");
|
|
||||||
|
|
||||||
return out.substr(0, 255);
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// ====================================================================
|
// ====================================================================
|
||||||
|
@ -506,7 +506,7 @@ function addChatMessage(msg, playerAssignments)
|
|||||||
var message;
|
var message;
|
||||||
if ("translate" in msg && msg.translate)
|
if ("translate" in msg && msg.translate)
|
||||||
{
|
{
|
||||||
message = translate(msg.text); // No need to escape, not a use message.
|
message = translate(msg.text); // No need to escape, not a user message.
|
||||||
if ("translateParameters" in msg && msg.translateParameters)
|
if ("translateParameters" in msg && msg.translateParameters)
|
||||||
{
|
{
|
||||||
var parameters = msg.parameters || {};
|
var parameters = msg.parameters || {};
|
||||||
|
Loading…
Reference in New Issue
Block a user