idoco/map-chat

Sanitize chat messages more effectively

jamesa opened this issue · 3 comments

Saw some nefarious things going on, namely iframes, arbitrary JavaScript execution, redirects, HTML in messages.

Thanks for the feedback, I added JsHtmlSanitizer.
https://code.google.com/p/google-caja/wiki/JsHtmlSanitizer

Please reopen if you see the problem again.
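
An added example, not map-chat's code and not the Caja sanitizer's API: it shows a different technique from the HTML sanitizer adopted above, namely treating every chat message as plain text, HTML-encoding it, and turning only `http`/`https` URLs into links. The names `renderChatMessage`, `escapeHtml` and `MAX_LEN` and the length cap are assumptions made for illustration.

```javascript
// Added example (hypothetical names): render an untrusted chat message as inert text.
const MAX_LEN = 256; // assumed cap on message length

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};

// Encode the five characters that can open markup or break out of an attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Returns an HTML string that is safe to assign to innerHTML:
// all markup in the message is encoded, and only http(s) URLs become links.
function renderChatMessage(raw) {
  const text = String(raw).slice(0, MAX_LEN);
  // The capture group keeps matched URLs in the array, at odd indexes.
  const parts = text.split(/(https?:\/\/[^\s<>"']+)/i);
  return parts.map((part, i) => {
    if (i % 2 === 0) return escapeHtml(part); // ordinary text
    let url;
    try {
      url = new URL(part);
    } catch (e) {
      return escapeHtml(part); // not parseable: leave it as text
    }
    // Re-check the scheme after parsing; javascript:, data: etc. never get here
    // through the regex, but the allowlist does not rely on that alone.
    if (url.protocol !== 'http:' && url.protocol !== 'https:') {
      return escapeHtml(part);
    }
    return '<a href="' + escapeHtml(url.href) +
      '" rel="noopener noreferrer nofollow" target="_blank">' +
      escapeHtml(part) + '</a>';
  }).join('');
}

// Constructed sample messages of the kinds reported in this issue.
const samples = [
  '<iframe src="//evil.example"></iframe>',
  '<script>alert(1)</script>',
  'javascript:alert(1)',
  'see https://example.com/a?b=1&c=2 now'
];
samples.forEach((m) => console.log(renderChatMessage(m)));
```
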

@idoco Thanks for fixing this! By the way, can you point me in the right direction to getting this running on my machine? Specifically about this: https://github.com/idoco/map-chat/blob/gh-pages/javascript/main.js#L10 :) (Think I'm good with everything else.)

Hi there @jamesa,
I fixed the main branch so it would be easier to run. There were several issues with instance-specific values, like the Maps API key and the server URL. I think I fixed all of them so please fetch the changes and give it another try.

This is the change