Diffstat (limited to 'src')
| -rw-r--r-- | src/client/Main.hx | 25 | ||||
| -rw-r--r-- | src/client/Player.hx | 15 | ||||
| -rw-r--r-- | src/server/Main.hx | 20 |
3 files changed, 37 insertions, 23 deletions
diff --git a/src/client/Main.hx b/src/client/Main.hx index bfcc877..3a819b2 100644 --- a/src/client/Main.hx +++ b/src/client/Main.hx @@ -283,7 +283,7 @@ class Main { if (isLeader()) player.setTime(player.getTime(), false); case ClearChat: - ge("#messagebuffer").innerHTML = ""; + clearChat(); case ClearPlaylist: player.clearItems(); @@ -313,7 +313,7 @@ class Main { clientName: guestName.value } }); - ge("#messagebuffer").innerHTML = ""; + clearChat(); serverMessage(1); for (message in connected.history) { addMessage(message.name, message.text, message.time); @@ -349,7 +349,7 @@ class Main { form.value += ' ${el.title}'; form.focus(); } - smilesWrap.innerHTML = ""; + smilesWrap.textContent = ""; for (emote in config.emotes) { final img = document.createImageElement(); img.className = "smile-preview"; @@ -402,16 +402,16 @@ class Main { switch (type) { case 1: div.className = "server-msg-reconnect"; - div.innerHTML = Lang.get("msgConnected"); + div.textContent = Lang.get("msgConnected"); case 2: div.className = "server-msg-disconnect"; - div.innerHTML = Lang.get("msgDisconnected"); + div.textContent = Lang.get("msgDisconnected"); case 3: div.className = "server-whisper"; - div.innerHTML = time + text + " " + Lang.get("entered"); + div.textContent = time + text + " " + Lang.get("entered"); case 4: div.className = "server-whisper"; - div.innerHTML = time + text; + div.textContent = time + text; default: } msgBuf.appendChild(div); @@ -420,7 +420,7 @@ class Main { function updateUserList():Void { final userCount = ge("#usercount"); - userCount.innerHTML = clients.length + " " + Lang.get("online"); + userCount.textContent = clients.length + " " + Lang.get("online"); document.title = getPageTitle(); final list = new StringBuf(); 
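Review bot: updateUserList still assembles the user list in a `StringBuf` right after the converted `userCount.textContent` line. The rest of the function is outside this hunk, but if that buffer is assigned through `innerHTML` with client names in it, it is a sink that relies only on the server-side nickname check. Building each entry with `document.createElement` and `textContent`, or passing every name through `htmlEscape(true)` before appending it, would keep the client safe even when the server does not run badNickName.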
@@ -438,6 +438,10 @@ class Main { return '$pageTitle (${clients.length})'; } + function clearChat():Void { + ge("#messagebuffer").textContent = ""; + } + function addMessage(name:String, text:String, ?time:String):Void { final msgBuf = ge("#messagebuffer"); final userDiv = document.createDivElement(); @@ -446,11 +450,11 @@ class Main { final tstamp = document.createSpanElement(); tstamp.className = "timestamp"; if (time == null) time = "[" + new Date().toTimeString().split(" ")[0] + "] "; - tstamp.innerHTML = time; + tstamp.textContent = time; final nameDiv = document.createElement("strong"); nameDiv.className = "username"; - nameDiv.innerHTML = name + ": "; + nameDiv.textContent = name + ": "; final textDiv = document.createSpanElement(); if (text.startsWith("/")) { @@ -460,6 +464,7 @@ class Main { text = filter.regex.replace(text, filter.replace); } } + text = text.htmlEscape(); textDiv.innerHTML = text; final isInChatEnd = msgBuf.scrollHeight - msgBuf.scrollTop == msgBuf.clientHeight; diff --git a/src/client/Player.hx b/src/client/Player.hx index c9b10a4..bee9a3c 100644 --- a/src/client/Player.hx +++ b/src/client/Player.hx @@ -5,6 +5,7 @@ import js.html.VideoElement; import js.Browser.document; import client.Main.ge; import Types.VideoItem; +using StringTools; using Lambda; class Player { 
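Review bot: In addMessage the added `text = text.htmlEscape();` runs after the filter loop, so whatever the filters substitute is escaped together with the user's text and `textDiv.innerHTML = text` behaves like `textContent`. The filter replacement strings are not visible here; if they are meant to emit markup (the emote list suggests image tags), escape first by moving the call above the `if (text.startsWith("/"))` branch and use `text.htmlEscape(true)` so captured user text is also safe inside attributes. If filters never produce HTML, `textDiv.textContent = text;` states the intent directly and removes the last `innerHTML` sink in this function. The function body starts before and ends after this hunk.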
@@ -63,16 +64,16 @@ class Player { } }); } - player.innerHTML = ""; + player.textContent = ""; player.appendChild(video); - ge("#currenttitle").innerHTML = item.title; + ge("#currenttitle").textContent = item.title; } public function addVideoItem(item:VideoItem, atEnd:Bool):Void { items.push(item); final itemEl = nodeFromString( '<li class="queue_entry pluid-0 queue_temp queue_active" title="${Lang.get("addedBy")}: ${item.author}"> - <a class="qe_title" href="${item.url}" target="_blank">${item.title}</a> + <a class="qe_title" href="${item.url}" target="_blank">${item.title.htmlEscape()}</a> <span class="qe_time">${duration(item.duration)}</span> <div class="qe_clear"></div> <div class="btn-group" style="display: inline-block;"> @@ -109,7 +110,7 @@ class Player { if (video == null) return; player.removeChild(video); video = null; - ge("#currenttitle").innerHTML = Lang.get("nothingPlaying"); + ge("#currenttitle").textContent = Lang.get("nothingPlaying"); } public function removeItem(url:String):Void { @@ -132,8 +133,8 @@ class Player { } function updateCounters():Void { - ge("#plcount").innerHTML = '${items.length} ${Lang.get("videos")}'; - ge("#pllength").innerHTML = totalDuration(); + ge("#plcount").textContent = '${items.length} ${Lang.get("videos")}'; + ge("#pllength").textContent = totalDuration(); } public function getItems():Array<VideoItem> { @@ -153,7 +154,7 @@ class Player { public function clearItems():Void { items.resize(0); - videoItemsEl.innerHTML = ""; + videoItemsEl.textContent = ""; updateCounters(); } diff --git a/src/server/Main.hx b/src/server/Main.hx index 271f6ea..9f7534c 100644 --- a/src/server/Main.hx +++ b/src/server/Main.hx 
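Review bot: In addVideoItem only `item.title` is escaped; `${item.url}` in the `href` attribute and `${item.author}` in the `title` attribute are still interpolated raw into the string handed to nodeFromString. A quote in the URL ends the attribute and the scheme is not restricted, so build the link as `href="${item.url.htmlEscape(true)}"` after checking that the URL starts with `http://` or `https://`, and give `item.author` the same `htmlEscape(true)` rather than depending on the server's nickname filter. The AddVideo hunk in src/server/Main.hx overrides `item.author` but relays `item.url` and `item.title` as received, so the scheme check belongs there as well. addVideoItem continues past the end of this hunk.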
@@ -180,12 +180,12 @@ class Main { sendClientList(); case Login: final name = data.login.clientName; - if (name.length == 0 || name.length > config.maxLoginLength + if (badNickName(name) || name.length > config.maxLoginLength || clients.getByName(name) != null) { send(client, {type: LoginError}); return; } - client.name = data.login.clientName; + client.name = name; client.isUser = true; send(client, { type: data.type, @@ -228,6 +228,7 @@ class Main { case AddVideo: final item = data.addVideo.item; + item.author = client.name; final localOrigin = '$localIp:$port'; if (item.url.indexOf(localOrigin) != -1) { item.url = item.url.replace(localOrigin, '$globalIp:$port'); @@ -245,13 +246,12 @@ class Main { case RemoveVideo: if (videoList.length == 0) return; final url = data.removeVideo.url; - if (videoList[0].url == url) { - videoTimer.stop(); - if (videoList.length > 0) restartWaitTimer(); - } + final isFirst = videoList[0].url == url; + if (isFirst) videoTimer.stop(); videoList.remove( videoList.find(item -> item.url == url) ); + if (isFirst && videoList.length > 0) restartWaitTimer(); broadcast(data); case Pause: @@ -368,6 +368,14 @@ class Main { } } + final htmlChars = ~/[&^<>'"]/; + + function badNickName(name:String):Bool { + if (name.length == 0) return true; + if (htmlChars.match(name)) return true; + return false; + } + var waitVideoStart:Timer; var loadedClientsCount = 0; |
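Review bot: In the RemoveVideo case `videoList.find(...)` returns null when no queued item has the requested URL, yet the result goes straight into `videoList.remove(...)` and `broadcast(data)` still runs, so every client is told to drop an entry the server never had. Look the item up once and stop early: `final item = videoList.find(item -> item.url == url);` followed by `if (item == null) return;`, then derive `isFirst` from `item == videoList[0]` and pass `item` to `remove`.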
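Review bot: The `^` in `~/[&^<>'"]/` is not the first character of the class, so it is a literal caret and nicknames containing `^` are rejected. Drop it if that is not intended, and add a comment such as `// characters rejected in nicknames because clients may render names as HTML` to record why the set exists. badNickName also reads `name.length` without a null check while the Login case passes `data.login.clientName` straight from the message, so a login packet without that field would likely throw instead of answering with LoginError; `if (name == null || name.length == 0) return true;` covers it. Names made only of whitespace still pass the check.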
