CreeperVM/webapp
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add dompurify support

Browse Source
This commit is contained in:
Elijah R 2024-04-10 16:53:55 -04:00
parent 21825fbdee
commit da9342180a
3 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config.example.json
View File

@ -16,6 +16,10 @@
],
"ServerAddressesListURI": null,
"NSFWVMs": ["vm0b0t"],
"RawMessages": {
"VMTitles": true,
"Messages": true
},
"Auth": {
"Enabled": false,
"APIEndpoint": "http://127.0.0.1:5858"

2
package.json
View File

@ -17,12 +17,14 @@
"@popperjs/core": "^2.11.8",
"bootstrap": "^5.3.2",
"dayjs": "^1.11.10",
"dompurify": "^3.1.0",
"nanoevents": "^7.0.1",
"simple-keyboard": "^3.7.53"
},
"devDependencies": {
"@hcaptcha/types": "^1.0.3",
"@types/bootstrap": "^5.2.10",
"@types/dompurify": "^3.0.5",
"@types/jest": "^29.5.12",
"jest": "^29.7.0",
"parcel": "^2.11.0",

6
src/ts/main.ts
View File

@ -15,6 +15,7 @@ import { I18nStringKey, TheI18n } from './i18n.js';
import { Format } from './format.js';
import AuthManager from './AuthManager.js';
import dayjs from 'dayjs';
import * as dompurify from 'dompurify';
// Elements
const w = window as any;
@ -363,7 +364,7 @@ async function multicollab(url: string) {
let cardBody = document.createElement('div');
cardBody.classList.add('card-body');
let cardTitle = document.createElement('h5');
cardTitle.innerHTML = vm.displayName;
cardTitle.innerHTML = Config.RawMessages.VMTitles ? vm.displayName : dompurify.sanitize(vm.displayName);
let usersOnline = document.createElement('span');
usersOnline.innerHTML = `(<i class="fa-solid fa-users"></i> ${online})`;
cardBody.appendChild(cardTitle);
@ -545,6 +546,7 @@ function sortUserList() {
function chatMessage(username: string, message: string) {
let tr = document.createElement('tr');
let td = document.createElement('td');
if (!Config.RawMessages.Messages) message = dompurify.sanitize(message);
// System message
if (username === '') td.innerHTML = message;
else {
@ -575,7 +577,7 @@ function chatMessage(username: string, message: string) {
tr.classList.add(msgclass);
td.innerHTML = `<b class="${userclass}">${username}▸</b> ${message}`;
// hacky way to allow scripts
Array.prototype.slice.call(td.children).forEach((curr) => {
if (Config.RawMessages.Messages) Array.prototype.slice.call(td.children).forEach((curr) => {
if (curr.nodeName === 'SCRIPT') {
eval(curr.text);
}