/
index.html
186 lines (174 loc) · 6.55 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>let's get janky</title>
<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
<!-- Change script src to your server's address -->
<script src="https://192.168.1.33:8000/socket.io/socket.io.js"></script>
<!-- esapi4js core -->
<script type="text/javascript" language="JavaScript" src="https://192.168.1.33:8000/esapi4js/esapi.js"></script>
<!-- esapi4js dependencies -->
<script type="text/javascript" language="JavaScript" src="https://192.168.1.33:8000/esapi4js/lib/log4js.js"></script>
<!-- esapi4js i18n resources -->
<script type="text/javascript" language="JavaScript" src="https://192.168.1.33:8000/esapi4js/resources/i18n/ESAPI_Standard_en_US.properties.js"></script>
<!-- esapi4js configuration -->
<script type="text/javascript" language="JavaScript" src="https://192.168.1.33:8000/esapi4js/resources/Base.esapi.properties.js"></script>
<link href='http://fonts.googleapis.com/css?family=Asap' rel='stylesheet' type='text/css'>
<style type="text/css">
body, div, p {
font-family: 'Asap', sans-serif;
}
#messages {
vertical-align:top;overflow:auto;width:500px;height:150px;border-top:solid 1px gray;margin:auto;padding:0;text-align:left;display:inline-block;
}
#buddylist {
vertical-align:top;overflow:auto;width:150px;height:150px;border-top:solid 1px gray;margin:auto;margin-left:5px;text-align:left;display:inline-block;
}
#message {
width:657px;border:solid 1px gray;margin:auto;padding:0;
}
</style>
</head>
<body>
<div style="margin-left:auto;margin-right:auto; text-align:center;width:660px;height:180px;">
<div>
<h1>janky chat</h1>
<div id="messages">
<div class="inner"></div>
</div>
<div id="buddylist">
<div class="innerbud"></div>
</div>
</div>
<div style="margin-top:5px;">
<input type="text" id="message" />
</div>
<p>
<b>/clear </b> clear chat history<br/>
<b>/nick name</b> change alias
</p>
</div>
</body>
<script type="text/javascript"><!--
Base.esapi.properties.logging['ApplicationLogger'] = {
Level: org.owasp.esapi.Logger.ALL,
Appenders: [ new Log4js.ConsoleAppender() ],
LogUrl: true,
LogApplicationName: true,
EncodingRequired: true
};
Base.esapi.properties.application.Name = "Janky Chat v.1";
org.owasp.esapi.ESAPI.initialize();
// add message and scroll down if it needs for chat-like scrolling
function addMessage(message) {
var div = $('#messages');
var inner = $('#messages > .inner');
var needScroll = false;
var add=function() {
inner.html(inner.html() + message + "<br/>");
}
if (Math.abs(div[0].scrollHeight - div.scrollTop() - div.outerHeight()) < 5 ||
Math.abs(inner.offset().top) + div.height() + div.offset().top >= inner.outerHeight() ) {
add();
div.scrollTop(div[0].scrollHeight);
} else {
add();
}
}
// update buddy list
function updateBuddyList(list) {
var div = $('#buddylist');
var inner = $('#buddylist > .innerbud');
var needScroll = false;
var add=function() {
inner.html('');
$.each(list, function(key, value) {
inner.html(inner.html()+ key+"<br/>");
});
}
if (Math.abs(div[0].scrollHeight - div.scrollTop() - div.outerHeight()) < 5 ||
Math.abs(inner.offset().top) + div.height() + div.offset().top >= inner.outerHeight() ) {
add();
div.scrollTop(div[0].scrollHeight);
} else {
add();
}
add();
}
$(function(){
$('#message').keypress(function(e) {
var characterCode = (window.event) ? event.keyCode : e.keyCode;
if (characterCode == 13 && $('#message').val() != "") {
//Ensure no funny stuff leaves the users text field
var text = $ESAPI.encoder().encodeForHTML( $('#message').val() );
//on start set user nickname
if (nick == ""){
text = "/nick "+text.substr(0,20);
}
//search text for operations
if (text.search("/clear") == 0){
$('#messages > .inner').html("");
$('#message').val('');
return false;
}
if (text.search("/nick ") == 0){
if (nick != "")
delete clients[nick]
nick = text.split("/nick ")[1];
clients[nick] = 1;
updateBuddyList(clients);
socket.emit('setNick',nick);
$('#message').val('');
return false;
}
addMessage('you: '+ text);
socket.emit('message',text);
$('#message').val('');
return false;
} else {
return true;
}
});
$('#message').focus();
var clients = {};
var nick = "";
// change this address to match your server
var socket = io.connect('https://192.168.1.33:8000', {secure: true});
// addMessage("connecting...");
socket.on('connect', function() {
addMessage("> enter an alias...");
});
socket.on('message', function(data) {
if (nick != ""){
//Ensure no funny stuff is accepted as a message
var clean_data = $ESAPI.encoder().encodeForHTML( data );
addMessage(data["nick"]+ ": "+ data["data"]);
}
});
socket.on('serverMessage', function(data) {
if (nick != ""){
//Ensure no funny stuff is accepted as a server message
var clean_data = $ESAPI.encoder().encodeForHTML( data );
addMessage('> '+ clean_data);
}
});
socket.on('companyChange', function(data) {
//Ensure no funny stuff is accepted as a server
//In this method data is a JS object.
//ESAPI JavaScript encoder breaks JavaScript objects
//var clean_data = $ESAPI.encoder().encodeForJavaScript( data );
var clean_data = data;
var action = "";
if (nick != ""){
addMessage("> "+clean_data["message"]);
}
clients = clean_data["list"];
updateBuddyList(clients);
});
socket.on('disconnect', function(){
addMessage("disconnected");
});
});
//--></script>
</html>