Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Properly sanitizes loaded messages in tgui chat #56001

Merged
merged 3 commits into from
Jan 8, 2021
Merged

Properly sanitizes loaded messages in tgui chat #56001

merged 3 commits into from
Jan 8, 2021

Conversation

LemonInTheDark
Copy link
Member

About The Pull Request

Properly sanitizes old messages in tgui chat, admins are now unable to make your chat toontown forever, only until you reload the window. The current implementation operates on a blacklist in conjunction with the
Oh also I added the <u> tag to the default sanitization list, and sorted it by name to remove duplicates.

DOMPurify has an internal whitelist that it preserves, the current blacklist is made to cut out the items we don't want out of that list, and preserve behavior in case the package updates the whitelist in future. If I'm missing any tags please let me know, see the whitelist for our version of the package here

I've noticed some hitching in testing, but I'm not sure if that's just my pc acting up or what. I'm honestly not sure what's causing it as the function I'm modifying here, loadChatFromStorage should only ever be called once on init. Might be worth a testmerge.

Why It's Good For The Game

image

Changelog

馃啈
admin: Chat messages that are more then text, so videos, embedded games, font changes, etc now get wiped when the chat is reloaded. NO MORE INFINITE WINGDINGS!
/:cl:

@tgstation-server tgstation-server added Administration As generous gods, we have deigned to throw the jannies a bone UI We make the game less playable, but with round edges labels Jan 6, 2021
@stylemistake
Copy link
Member

Cool, didn't even need to rebuild after this webedit.

@stylemistake stylemistake added the Security I'll be honest we don't even know why we have this label label Jan 8, 2021
@stylemistake stylemistake merged commit 4682fe3 into tgstation:master Jan 8, 2021
tgstation-server added a commit that referenced this pull request Jan 8, 2021
@tgstation-server
Automatic changelog generation for PR #56001 [ci skip]
729d0e8
@SkyratBot SkyratBot mentioned this pull request Jan 8, 2021
Merged
@AeonSS13 AeonSS13 mentioned this pull request Jan 8, 2021
Open
@jupyterkat jupyterkat mentioned this pull request Jan 13, 2021
Merged
@PolyTheParrot-PR PolyTheParrot-PR mentioned this pull request Jan 17, 2021
Merged
@AustationBot AustationBot mentioned this pull request Jan 17, 2021
Merged
@Bobbanz1 Bobbanz1 mentioned this pull request Nov 29, 2022
Closed
26 tasks
@itsmeow itsmeow mentioned this pull request Apr 7, 2023
Merged
26 tasks
@SinguloMirrorbot SinguloMirrorbot mentioned this pull request May 17, 2023
Closed
26 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stylemistake stylemistake Awaiting requested review from stylemistake stylemistake is a code owner

Assignees
No one assigned
Labels
Administration As generous gods, we have deigned to throw the jannies a bone Security I'll be honest we don't even know why we have this label UI We make the game less playable, but with round edges
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@LemonInTheDark @stylemistake @tgstation-server