Chat with your friends!

ChickenG1ttrDev · May 28, 2023, 8:55pm

Can I help with the formatting and css?
Just make the shapes more consistent, better on mobile devices, and some tiny tweaks

element1010 · May 29, 2023, 12:18am

I’m really not working on that anymore.

Darkoknight · June 28, 2023, 12:34pm

Pls can i be admin i want to help make the chat a better place

OmegaOrbitals · June 28, 2023, 3:17pm

If you get admin, please unban Matt.

element1010 · June 29, 2023, 12:34am

Well, everyone was warned to not try XSS, even for testing, or they would get banned by the filters.

Am I correct @MattDESTROYER?

MattDESTROYER · June 29, 2023, 1:16am

I might have succeeded … lol

(and then got myself banned again trying to push the limits lol)

I recommend trying some RegEx like this: <\w+.*( *on\w+ *= *('|").*('|"))+.*?.*> (case insensitive as well, gmi is what I would do) to be more successfull with catching XSS that exploits on attributes. Here’s a demo of that RegEx…

Firepup650 · June 29, 2023, 1:16am

Hm. What if, and hear me out, I distribute an CSS injector to everyone, so then you can’t ban them all?

python660 · June 29, 2023, 4:39am

Try using DOMPurify or something similar rather than playing whack-a-mole but with exploits and XSS attacks.

python660 · June 29, 2023, 4:48am

or instead, just replace the following:

< <!----> &lt;
> <!----> &gt;
& <!----> &amp;
" <!----> &quot;
' <!----> &apos;
<!-- Correct me if I'm wrong -->

MattDESTROYER · June 29, 2023, 5:03am

That would prevent using HTML within posts, which from what I understood was intentional, although since you can use markdown it may be pointless and worth it

python660 · June 29, 2023, 5:04am

you could either…

Implement custom exceptions that manually add in the few html tags supported by MD
Not use HTML in MD, and create your own standards because HTML is quite dangerous

python660 · June 29, 2023, 5:06am

For example, I tried using markdown, but the styling and the XSS filtering was kinda messed up. personally, you don’t need HTML in MD (unless you need a summary/details group, which could be easily implemented by creating your own standards or by not implementing it at all)

QwertyQwerty88 · June 29, 2023, 5:28am

The Markdown converter Element got converts to HTML…

python660 · June 29, 2023, 12:50pm

By removing certain characters, you are essentially making your users have to guess what the XSS filter will do with the message. For example, transferring code snippets would be impossible due to the removal of certain characters.

element1010 · June 29, 2023, 2:08pm

At the time, I didn’t know, and still now, I don’t have much clue about it.

What do you mean by that?

@QwertyQwerty88 Also, I was looking through the code and saw this:

# Thanks to Phind

Who is Phind? @python660?

python660 · June 29, 2023, 3:56pm

not me, my name starts with J

QwertyQwerty88 · June 29, 2023, 8:32pm

Typo

https://www.phind.com/

Not enough people know about him

SalladShooter · June 30, 2023, 12:33am

@element1010 you should add the time posts were posted.

element1010 · June 30, 2023, 1:02am

Yes, I’m planning on that.

anon40284853 · June 30, 2023, 2:01am

I personally prefer x {units} ago as that way you can take a screenshot without having to blur out your timezone. Perhaps you could add that too as a toggled feature?