Thread: Is there a character that the browser will ignore?

  1. #1
    Join Date
    Oct 2013

    Is there a character that the browser will ignore?

    We have a chat room that is html based. It has a filter that changes the word script to scriipt to keep people from messing up the room. Unfortunately, some have found other ways to mess up the room and I would like to have a javascript clear the room of messages when this happens. Is there a character I could put in the middle of the word script so the filter would not change it, but the browser would treat it as though that character were not inserted?



  2. #2
    Join Date
    Oct 2013
    Boston, MA
    I wouldn't go that route at all. This validation needs to be done server side before sending the message out to all users in the room.

    If you can tell me a little more about what the backend architecture looks like I may be able to help more. I've done large, complex javascript based chat room apps before using Node.js.

  3. #3
    Join Date
    Oct 2013
    Can't do anything server side. The chat room is no longer supported server side. If I had access to that this would be easy. So I can send a post with the javascript in it to clear the room. Any suggestions?



  4. #4
    Join Date
    Oct 2013
    Boston, MA
    Can you change the data passed around from a plain text string to either JSON or XML?

    For example, if the user typed "Hello World" into the chat and sent it, you would send around that plus additional data (like a clear flag). Here is some example JSON:

        {
            "message": "<scriipt>alert('Hello World')</scriipt>",
            "validation": {
                "is_dangerous": true,
                "text_to_remove": ["<script>"]
            }
        }

    Then each client would inspect the is_dangerous field to see whether they should scrub out the given text. This is just an example and you could format it however you wanted. The beauty of this is that it can all be done client side.

  5. #5
    Join Date
    Oct 2013
    I will have to learn something about JSON. What I am trying to do is to have a program check the room every 4 minutes or so. If it sees that someone has posted code that would block people out, it would send the code as a post to clear the room. Of course, since the server would change script to scriipt, this does not work. Would your solution work in this case? I cannot count on any code residing client side, only what I would send as a post to everyone. What I saw when looking at JSON is that it seems I would still need to get the word script into the code I send. I had hoped to just find a character I could embed in the word script that would be ignored by the browser. For instance, if the browser ignored the symbol &, I could send scr&ipt. Right now what we do if we want to use the word script in a post is send scr</>ipt. This works for the word in a sentence, but <scr</>ipt> will not work since the embedded </> ends the <> that surrounds script.

    A little complicated, but I hope clear. Does your solution solve this?



  6. #6
    Join Date
    Oct 2013
    Boston, MA
    Just so we are on the same page, this is what you basically need to do, correct?

    • Pull all text currently displayed in the room
    • Validate the input
    • If harmful data is found, tell all clients to clear the room

    Short answer to your original question is No, there is no character that the browser treats as an ignore character.
    Now, you said you do not have access to the code on the server. Do you have any access to the client side javascript code? If so, then I would do this a little differently. Why not modify the script so that the client code sanitizes all input before sending AND after receiving (the sanitation must be done on both sides because if it was only sanitized before sending, the user could very simply sidestep that validation). This way you don't have to clear the entire room; you will just not see the malicious data.
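
Added example, not part of the thread and not the chat room's code: a sketch of the receive-side sanitizing described in post #6, compared with a word-replacement filter like the room's. `wordFilter` is an assumed model of the script-to-scriipt rule, and the sample messages are constructed.

```javascript
// Assumed model of the room's existing filter: it rewrites one word and
// leaves every other piece of markup untouched.
function wordFilter(message) {
  return message.replace(/script/gi, "scriipt");
}

const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Output encoding: every character the HTML parser treats as syntax is
// replaced by its entity, so the message can only ever render as text.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// True if an HTML parser would still start a tag, end tag, declaration
// or bogus comment somewhere in the string.
function containsMarkup(html) {
  return /<[a-z\/!?]/i.test(html);
}

// Receive-side rendering: the client escapes author and body itself and
// never relies on the sender (or the server) having cleaned the message.
// In a browser, assigning the raw message to element.textContent has the
// same effect without building an HTML string.
function renderPost(author, message) {
  return '<div class="post"><b>' + escapeHtml(author) + "</b>: " +
    escapeHtml(message) + "</div>";
}

// Constructed samples: a run of stray closing tags (no "script" in it)
// and an ordinary message that happens to contain special characters.
const CLOSING_TAG_FLOOD = "</dl></ul></font></form></textarea></pre>";
const ORDINARY_MESSAGE = "1 < 2 & the word script is fine";

function compareFilters(message) {
  return {
    afterWordFilter: containsMarkup(wordFilter(message)),
    afterEscaping: containsMarkup(escapeHtml(message)),
  };
}

console.log(compareFilters(CLOSING_TAG_FLOOD));
console.log(renderPost("Adon", ORDINARY_MESSAGE));
```

Because the encoding is applied at display time, ordinary messages keep their exact wording, including the word script, while nothing in a post can close or open elements on the page.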

  7. #7
    Join Date
    Oct 2013
    Yes, you have the situation correct. The only client side code will be what I send them, embedded as a post to the room. Right now all that resides client side is the html from the web page that the server supplies. That is why it is so critical to get the word script to go through. A typical post is sent to the room like so:

    At 23:40 EDT on 10/3
    (99.999.999.999) -<b>"Adon"</b>:
    <br></dl></dd></ul></x></strike></title><basefont size=3></h1></h2></h3></h4></h5></h6></b></i></u></blink></a></font></center></form></plaintext></textarea></pre></xmp>

    Of course I changed the IP address to all 9s for anonymity. Is it possible to use CSS to wipe out every post by the offending user? Whatever I do all code will be sent as a post to the room and is subject to the filter that changes script to scriipt.

    Thank you so much for your help. I really appreciate it. This is really cool. I will keep thinking and reading your suggestions.

    Thanks again,


  8. #8
    Join Date
    Mar 2007
    My suggestion is to move server so that you have access to the server.

    Web hosts these days are very cheap and many good hosting companies will not only include unlimited traffic but also give you access to databases and server-side languages at no extra cost. Avoid the ones that do charge for extras, as they are not interested in providing service but in making money.

    The hosting company I use includes a domain name in addition to unlimited everything for 30 a year. I am sure that you can find a host in your region that will be offering similar.

  9. #9
    Join Date
    Oct 2013
    I wish. The site is years old and the owner does not give out the code for the site. If not for everyone being comfortable with the site as it is, I would create a Java based site. Any solution has to be code I can send as a post to the entire room.


