www.webdeveloper.com
Results 1 to 9 of 9

Thread: Is there a character that the browser will ignore?

  1. #1
    Join Date
    Oct 2013
    Posts
    5

    Is there a character that the browser will ignore?

    We have a chat room that is html based. It has a filter that changes the word script to scriipt to keep people from messing up the room. Unfortunately, some have found other ways to mess up the room and I would like to have a javascript clear the room of messages when this happens. Is there a character I could put in the middle of the word script so the filter would not change it, but the browser would treat it as though that character were not inserted?

    Thanks,

    Jowi7440

  2. #2
    Join Date
    Oct 2013
    Location
    Boston, MA
    Posts
    13
    I wouldn't go that route at all. This validation needs to be done server side before sending the message out to all users in the room.

    If you can tell me a little more about what the backend architecture looks like I may be able to help more. I've done large, complex javascript based chat room apps before using Node.js.

  3. #3
    Join Date
    Oct 2013
    Posts
    5
    Can't do anything server side. The chat room is no longer supported server side. If I had access to that this would be easy. So I can send a post with the javascript in it to clear the room. Any suggestions?

    Thanks,

    Jowi7440

  4. #4
    Join Date
    Oct 2013
    Location
    Boston, MA
    Posts
    13
    Can you change the data passed around from a plain text string to either JSON or XML?

    For example, if the user typed "Hello World" into the chat and sent it you would send around that plus additional data (like a clear flag ). Here is some example JSON:

    Code:
    {
        "message": "<scriipt>alert('Hello World'</scriipt>",
        "validation" : 
        {
            "is_dangerous": true,
            "text_to_remove" : ["<script>"]
        }
    }
    Then each client would inspect the is_dangerous field to see whether they should scrub out the given text. This is just an example and you could format however you wanted. The beauty of this is that it can all be done client side

  5. #5
    Join Date
    Oct 2013
    Posts
    5
    I will have to learn something about JSON. What I am trying to do is to have a program check the room every 4 minutes or so. If it sees that someone has posted code that would block people out it would send the code as a post to clear the room. Of course since the server would change script to scriipt this does not work. Would your solution work in this case? I cannot count on any code residing client side, only what I would send as a post to everyone. What I saw when looking at JSON is that it seems I would still need to get the word script into the code I send. I had hoped to just find a character I could embed in the word script that would be ignored by the browser. For instance, if the browser ignored the symbol, & I could send scr&ipt. Right now what we so if we want to use the word script in a post is send scr</>ipt. This works for the word in a sentence, but <scr</>ipt> will not work since the embeded </> ends the <> that surrounds script.

    A little complicated, but I hope clear. Does your solution solve this?

    Thanks,

    Jowi

  6. #6
    Join Date
    Oct 2013
    Location
    Boston, MA
    Posts
    13
    Just so we are on the same page this is what you basically need to do correct?

    • Pull all text currently displayed in the room
    • Validate the input
    • If harmful data is found, tell all clients to clear the room


    Short answer to your original question is No, there is no character that the browser treats as an ignore character.
    Now you said you do not have access to the code on the server. Do you have any access to the client side javascript code? If so then I would do this a little differently. Why not modify the script so that the client code sanitizes all input before sending AND after receiving (The sanitation must be done on both sides because if it was only sanitized before sending the user could very simply side step that validation). This way you don't have to clear the entire room you will just not see the malicious data.

  7. #7
    Join Date
    Oct 2013
    Posts
    5
    Yes, U have the situation correct. The only client side code will be what I send them, embedded as a post to the room. Right now all that resides client side is the html from the web page that the server supplies. That is why it is so critical to get the word, script to go through. A typical post is sent to the room in like so :

    At 23:40 EDT on 10/3
    (99.999.999.999) -<b>"Adon"</b>:
    Hello
    <br></dl></dd></ul></x></strike></title><basefont size=3></h1></h2></h3></h4></h5></h6></b></i></u></blink></a></font></center></form></plaintext></textarea></pre></xmp>

    Of course I changed the IP address to all 9s for anonymity. Is it possible to use CSS to wipe out every post by the offending user? Whatever I do all code will be sent as a post to the room and is subject to the filter that changes script to scriipt.

    THank U so much for your help. I really appreciate it. THis is really cool. I will keep thinking and reading your suggestions.

    THanks again,

    Jowi

  8. #8
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,344
    My suggestion is to move server so that you have access to the server.

    Web hosts these days are very cheap and many good hosting companies will not only include unlimited traffic and give you access to databases and serverside languages at no extra cost, avoid the ones that do charge for extras as they are not interested in providing service but make money.

    The hosting company I use includes doamin name in addition to unlimited everything for 30 a year. I am sure that you can find a host in your region that will be offering similar.
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

  9. #9
    Join Date
    Oct 2013
    Posts
    5
    I wish. The site is years old and the owner does not give out the code for the site. If not for everyone being comfortable with the site as it is, I would create a Java based site. Any solution has to be code I can send as a post to the entire room.

    Thanks,

    Jowi

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles