diff --git a/package.json b/package.json
index 66d3a3b..9c33700 100644
--- a/package.json
+++ b/package.json
@@ -4,6 +4,7 @@
 "version": "0.4.0",
 "main": "server.js",
 "dependencies": {
+ "dompurify": "^2.0.15",
 "express": "3.4.x",
 "socket.io": "0.9.x"
 },
@@ -11,4 +12,4 @@
 "node": "0.10.x",
 "npm": "1.2.x"
 }
-}
\ No newline at end of file
+}
diff --git a/server.js b/server.js
index 2e72800..9fbce4c 100644
--- a/server.js
+++ b/server.js
@@ -5,15 +5,18 @@ var express = require('express'),
 users = [];
 //specify the html we will use
 app.use('/', express.static(__dirname + '/www'));
+app.use('/dompurify', express.static(__dirname + '/node_modules/dompurify/dist'));
 //bind the server to the 80 port
 //server.listen(3000);//for local test
 server.listen(process.env.PORT || 3000);//publish to heroku
 //server.listen(process.env.OPENSHIFT_NODEJS_PORT || 3000);//publish to openshift
 //console.log('server started on port'+process.env.PORT || 3000);
 //handle the socket
+
 io.sockets.on('connection', function(socket) {
 //new user login
 socket.on('login', function(nickname) {
+ nickname = nickname.replace(/[^A-Za-z0-9]/g, '').substring(0,70);
 if (users.indexOf(nickname) > -1) {
 socket.emit('nickExisted');
 } else {
@@ -38,6 +41,16 @@ io.sockets.on('connection', function(socket) {
 });
 //new image get
 socket.on('img', function(imgData, color) {
- socket.broadcast.emit('newImg', socket.nickname, imgData, color);
+ socket.broadcast.emit('newImg', socket.nickname, noJSLink(imgData), color);
 });
 });
+
+function noJSLink(text){
+ var reg = /javascript\s*:\s*/
+ text = text.replace("/\s+/", "");
+ while (match = reg.exec(text)) {
+ text = text.replace(match[0], '');
+ reg.lastIndex=0;
+ }
+ return text;
+}
diff --git a/www/index.html b/www/index.html
index a63719b..de1e1d8 100644
--- a/www/index.html
+++ b/www/index.html
@@ -46,6 +46,7 @@
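Review bot: The new sanitising line in the `login` handler assumes `nickname` is a string, but socket.io passes through whatever the client sent, so a number, object or missing argument makes `.replace` throw inside the event handler and, unless something outside this hunk catches it, that exception likely terminates the process. The stripped value can also end up empty (a name made only of symbols becomes `''`), which then passes the `users.indexOf` check and is accepted as a nickname. Guard before sanitising: `if (typeof nickname !== 'string') { return; }` then `nickname = nickname.replace(/[^A-Za-z0-9]/g, '').substring(0, 70);` followed by `if (nickname === '') { socket.emit('nickExisted'); return; }` (or a dedicated rejection event so the client can show a proper message). The login handler continues past the end of the hunk.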
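Review bot: `noJSLink` does less than it appears to: `text.replace("/\s+/", "")` passes a string, not a regex, and inside a string literal `\s` is just `s`, so the call removes only the literal text `/s+/` and the intended whitespace stripping never happens; the main regex has no `i` flag, so it matches only lower-case spellings of the scheme; `match` is assigned without `var` and becomes an implicit global; `reg.lastIndex = 0` has no effect on a non-global regex; and a non-string `imgData` makes `.replace` throw inside the `img` handler, with the same process-crash risk as in the login hunk. Because the function is a deny-list for a single scheme, the more robust server-side control is an allow-list on the shape of `imgData` — if it is always a canvas/FileReader data URL (not visible here, please confirm), rejecting anything that does not match `/^data:image\/[a-z]+;base64,[A-Za-z0-9+/=]+$/` makes `noJSLink` unnecessary, with DOMPurify still applied on the client before insertion. If the deny-list is kept, the rewrite below fixes the points above while keeping the name and call site unchanged.
```javascript
function noJSLink(text) {
    if (typeof text !== 'string') {
        return '';
    }
    // Case-insensitive; re-scan until nothing matches so a removal that
    // leaves another occurrence behind is handled as well.
    var reg = /javascript\s*:\s*/i;
    var match;
    while ((match = reg.exec(text)) !== null) {
        text = text.replace(match[0], '');
    }
    return text;
}
```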