diff options
| author | jak1 <mike.wollmann@gmail.com> | 2021-08-02 00:46:29 +0200 |
|---|---|---|
| committer | jak1 <mike.wollmann@gmail.com> | 2021-08-02 00:46:29 +0200 |
| commit | 667bbe8ab13ec5598e89644a092715693d90d343 (patch) | |
| tree | 95dcd8805cbaa87feb409d67102e4365056d1a11 | |
| parent | 20c175440737d8e71799970887d965f116611233 (diff) | |
| download | thepixelworld-667bbe8ab13ec5598e89644a092715693d90d343.tar.gz thepixelworld-667bbe8ab13ec5598e89644a092715693d90d343.tar.bz2 thepixelworld-667bbe8ab13ec5598e89644a092715693d90d343.tar.xz thepixelworld-667bbe8ab13ec5598e89644a092715693d90d343.zip | |
don't change the 'Server:' message string
removed 1 extra whitespace from dm
added escapeHTML
| -rw-r--r-- | app.js | 27 |
1 files changed, 18 insertions, 9 deletions
@@ -15,6 +15,7 @@ app.use('/client', express.static(__dirname + '/client')); serv.listen(2000); console.log("Server started."); var SOCKET_LIST = {}; +const servermsg = "Server: "; const Entity = require('./server/Entities/Entity') const Player = require('./server/Entities/Player') @@ -95,12 +96,11 @@ io.sockets.on('connection', function(socket){ socket.on('sendMsgToServer', function(data){ if (data) for (var i in SOCKET_LIST){ - SOCKET_LIST[i].emit('addToChat', {ctimestamp: getTimeStamp(0), content: socket.playerName + ': ' + data, tab: "world"}); + SOCKET_LIST[i].emit('addToChat', {ctimestamp: getTimeStamp(0), content: socket.playerName + ': ' + escapeHTML(data), tab: "world"}); } }); socket.on('command', function(data){ - servermsg = "Server: "; modifyer = data[0]; command = data.slice(1).split(' '); @@ -114,16 +114,17 @@ io.sockets.on('connection', function(socket){ case "bc": res = joinArgs(command, 1, 0); for (var i in SOCKET_LIST){ - SOCKET_LIST[i].emit('addToChat', {ctimestamp: getTimeStamp(0), content: "<font color='red' weight='bold'>GlobalAnnounce: " + res + "</font>", tab: "world"}); + SOCKET_LIST[i].emit('addToChat', {ctimestamp: getTimeStamp(0), content: "<font color='red' weight='bold'>GlobalAnnounce: " + escapeHTML(res) + "</font>", tab: "world"}); } break; // @who (args: none) case "who": + res = servermsg; for (var i in Player.Player.list){ - servermsg+=Player.Player.list[i].playerName + ", "; + res+=Player.Player.list[i].playerName + ", "; } - socket.emit('addToChat', {ctimestamp: getTimeStamp(0), content: servermsg, tab:"any"}); + socket.emit('addToChat', {ctimestamp: getTimeStamp(0), content: res, tab:"any"}); break; // @where (args:[playername]) @@ -223,8 +224,8 @@ io.sockets.on('connection', function(socket){ for (var i in Player.Player.list){ if (Player.Player.list[i].playerName == command[1]){ - res = joinArgs(command, 2, 0); - socket.emit('addToChat', {ctimestamp: getTimeStamp(0), content: socket.playerName + " : " + res, tab: Player.Player.list[i].playerName}); + res = escapeHTML(joinArgs(command, 2, 0)); + socket.emit('addToChat', {ctimestamp: getTimeStamp(0), content: socket.playerName + ": " + res, tab: Player.Player.list[i].playerName}); SOCKET_LIST[Player.Player.list[i].id].emit('addToChat', {ctimestamp: getTimeStamp(0), content: socket.playerName + ": " + res, tab: socket.playerName}); found = true; break; @@ -258,7 +259,6 @@ io.sockets.on('connection', function(socket){ }); socket.on('evalServer', function(data){ - servermsg = "Server: "; hasPermission(socket.playerName, 80, function(res){ if (res) socket.emit('evalAnswer', eval(data)); @@ -319,4 +319,13 @@ addLeadingZero = function(n){ if (n <= 9) return "0"+n; return n; -}
\ No newline at end of file +} + +escapeHTML = function(unsafe) { + return unsafe + .replace(/&/g, "&") + .replace(/</g, "<") + .replace(/>/g, ">") + .replace(/"/g, """) + .replace(/'/g, "'"); + }
\ No newline at end of file |