forked from 0ad/0ad
Properly escape user chat.
This was SVN commit r16291.
This commit is contained in:
parent
37912c05ca
commit
486094298e
@ -71,18 +71,16 @@ function sortNameIgnoreCase(x, y)
|
||||
|
||||
// ====================================================================
|
||||
|
||||
// Escape text tags and whitespace, so users can't use special formatting in their chats
|
||||
// Limit string length to 256 characters
|
||||
/**
|
||||
* Escape tag start and escape characters, so users cannot use special formatting.
|
||||
* Also limit string length to 256 characters (not counting escape characters).
|
||||
*/
|
||||
function escapeText(text)
|
||||
{
|
||||
if (!text)
|
||||
return text;
|
||||
|
||||
var out = text.replace(/[\[\]]+/g,"");
|
||||
out = out.replace(/\s+/g, " ");
|
||||
|
||||
return out.substr(0, 255);
|
||||
|
||||
return text.substr(0, 255).replace(/\\/g, "\\\\").replace(/\[/g, "\\[");
|
||||
}
|
||||
|
||||
// ====================================================================
|
||||
|
@ -506,7 +506,7 @@ function addChatMessage(msg, playerAssignments)
|
||||
var message;
|
||||
if ("translate" in msg && msg.translate)
|
||||
{
|
||||
message = translate(msg.text); // No need to escape, not a use message.
|
||||
message = translate(msg.text); // No need to escape, not a user message.
|
||||
if ("translateParameters" in msg && msg.translateParameters)
|
||||
{
|
||||
var parameters = msg.parameters || {};
|
||||
|
Loading…
Reference in New Issue
Block a user