Is there a character that the browser will ignore?
I wouldn't go that route at all. This validation needs to be done server side before sending the message out to all users in the room.
Can you change the data passed around from a plain text string to either JSON or XML?
For example, if the user typed "Hello World" into the chat and sent it you would send around that plus additional data (like a clear flag ). Here is some example JSON:
Then each client would inspect the is_dangerous field to see whether they should scrub out the given text. This is just an example and you could format however you wanted. The beauty of this is that it can all be done client side
"message": "<scriipt>alert('Hello World'</scriipt>",
"text_to_remove" : ["<script>"]
I will have to learn something about JSON. What I am trying to do is to have a program check the room every 4 minutes or so. If it sees that someone has posted code that would block people out it would send the code as a post to clear the room. Of course since the server would change script to scriipt this does not work. Would your solution work in this case? I cannot count on any code residing client side, only what I would send as a post to everyone. What I saw when looking at JSON is that it seems I would still need to get the word script into the code I send. I had hoped to just find a character I could embed in the word script that would be ignored by the browser. For instance, if the browser ignored the symbol, & I could send scr&ipt. Right now what we so if we want to use the word script in a post is send scr</>ipt. This works for the word in a sentence, but <scr</>ipt> will not work since the embeded </> ends the <> that surrounds script.
A little complicated, but I hope clear. Does your solution solve this?
Just so we are on the same page this is what you basically need to do correct?
- Pull all text currently displayed in the room
- Validate the input
- If harmful data is found, tell all clients to clear the room
Short answer to your original question is No, there is no character that the browser treats as an ignore character.
Yes, U have the situation correct. The only client side code will be what I send them, embedded as a post to the room. Right now all that resides client side is the html from the web page that the server supplies. That is why it is so critical to get the word, script to go through. A typical post is sent to the room in like so :
At 23:40 EDT on 10/3
Of course I changed the IP address to all 9s for anonymity. Is it possible to use CSS to wipe out every post by the offending user? Whatever I do all code will be sent as a post to the room and is subject to the filter that changes script to scriipt.
THank U so much for your help. I really appreciate it. THis is really cool. I will keep thinking and reading your suggestions.
My suggestion is to move server so that you have access to the server.
Web hosts these days are very cheap and many good hosting companies will not only include unlimited traffic and give you access to databases and serverside languages at no extra cost, avoid the ones that do charge for extras as they are not interested in providing service but make money.
The hosting company I use includes doamin name in addition to unlimited everything for £30 a year. I am sure that you can find a host in your region that will be offering similar.
... and please remember to wrap code with forum BBCode tags:-
[CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]
If you can't think outside the box, you will be trapped forever with no escape...
I wish. The site is years old and the owner does not give out the code for the site. If not for everyone being comfortable with the site as it is, I would create a Java based site. Any solution has to be code I can send as a post to the entire room.
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)