topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday November 8, 2024, 7:57 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: jQuery plaintext to hyperlink issue  (Read 10113 times)

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 132
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
jQuery plaintext to hyperlink issue
« on: June 10, 2016, 03:01 PM »
Greetings all,

I am modifying some open source software to better suit my needs. This line right here in the software displays the time-stamp, username, and message of a currently chatting user. However, it appears that text is in plaintext and not an HTML element.

What I would like to do is something similar to this which converts plaintext links to actual hyperlinks. The messages sent through ajax, however, don't appear to be html elements/objects, so I can't just modify the HTML of the message.

Any advice on how I should modify the software to best suit my needs?

Any help would be greatly appreciated and thank you in advance!
If I do it more than 2 times I want to automate it in C#!

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,768
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: jQuery plaintext to hyperlink issue
« Reply #1 on: June 10, 2016, 04:24 PM »
Can't you run that regex code on the "text" variable from that highlighted line of code?

Specifically, use:

Code: Javascript [Select]
  1. // Set the regex string
  2. var regex = /(https?:\/\/([-\w\.]+)+(:\d+)?(\/([\w\/_\.]*(\?\S+)?)?)?)/ig
  3. // Replace plain text links by hyperlinks
  4. text = text.replace(regex, "<a href='$1' target='_blank'>$1</a>");

Between lines 154 and 155.

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 132
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: jQuery plaintext to hyperlink issue
« Reply #2 on: June 10, 2016, 05:22 PM »
Can't you run that regex code on the "text" variable from that highlighted line of code?

Specifically, use:

Code: Javascript [Select]
  1. // Set the regex string
  2. var regex = /(https?:\/\/([-\w\.]+)+(:\d+)?(\/([\w\/_\.]*(\?\S+)?)?)?)/ig
  3. // Replace plain text links by hyperlinks
  4. text = text.replace(regex, "<a href='$1' target='_blank'>$1</a>");

Between lines 154 and 155.

Sadly no, the results are literal:
<a href='http://www.google.com' target='_blank'>http://www.google.com</a>
If I do it more than 2 times I want to automate it in C#!

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,768
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: jQuery plaintext to hyperlink issue
« Reply #3 on: June 10, 2016, 07:03 PM »
Sounds like you need to find out where the code escapes the HTML characters and un-escape it.

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 132
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: jQuery plaintext to hyperlink issue
« Reply #4 on: June 10, 2016, 09:47 PM »
Sounds like you need to find out where the code escapes the HTML characters and un-escape it.
I am slightly new to javascript, but I think I have a fairly good basic grasp of reading it. I believe the escaping occurs somewhere here, not 100% how though...
If I do it more than 2 times I want to automate it in C#!

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: jQuery plaintext to hyperlink issue
« Reply #5 on: June 11, 2016, 06:08 AM »
You'll probably want to hack in your handling in the cah.log.js - and you really, really, really want to be careful when dealing with user input.

The actual rendering of the text is this snippet:
Code: Javascript [Select]
  1. if (opt_allow_html) {
  2.     $(node[0]).html(full_msg);
  3.   } else {
  4.     $(node[0]).text(full_msg);
  5.   }

So a quick guess without looking at the rest of the codebase is that the user input isn't escaped, it's simply not rendered as html content. You could add escape-then-linkify to the text codepath and replace .text() with .html(), while hoping that whatever escaping method you use handles all the nasty corner cases :-)
- carpe noctem

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 132
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: jQuery plaintext to hyperlink issue
« Reply #6 on: June 11, 2016, 10:55 AM »
You'll probably want to hack in your handling in the cah.log.js - and you really, really, really want to be careful when dealing with user input.

The actual rendering of the text is this snippet:
Code: Javascript [Select]
  1. if (opt_allow_html) {
  2.     $(node[0]).html(full_msg);
  3.   } else {
  4.     $(node[0]).text(full_msg);
  5.   }

So a quick guess without looking at the rest of the codebase is that the user input isn't escaped, it's simply not rendered as html content. You could add escape-then-linkify to the text codepath and replace .text() with .html(), while hoping that whatever escaping method you use handles all the nasty corner cases :-)

Super amazing find! Thank you so much! And yes, now the trick is the escape handling as the messages are in
[timestamp]<username> message
format and the angle brackets eat the usernames!

Again thank you for pointing me in the right direction everyone!  :D
If I do it more than 2 times I want to automate it in C#!

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: jQuery plaintext to hyperlink issue
« Reply #7 on: June 11, 2016, 12:14 PM »
Super amazing find! Thank you so much! And yes, now the trick is the escape handling as the messages are in
Quote

    [timestamp]<username> message

format and the angle brackets eat the usernames!
That's once concern - the biggest concern is security. You really don't want to execute random <script> blocks sent by malicious users :)
- carpe noctem

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 132
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: jQuery plaintext to hyperlink issue
« Reply #8 on: June 11, 2016, 12:46 PM »
Super amazing find! Thank you so much! And yes, now the trick is the escape handling as the messages are in
Quote

    [timestamp]<username> message

format and the angle brackets eat the usernames!
That's once concern - the biggest concern is security. You really don't want to execute random <script> blocks sent by malicious users :)
Oh no doubt that was my first though. Perhaps I'll just replace <script> tags altogether with null =P. I'm not too worried about my userbase at the moment and will brainstorm on some proper escape handling!
If I do it more than 2 times I want to automate it in C#!

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: jQuery plaintext to hyperlink issue
« Reply #9 on: June 11, 2016, 02:30 PM »
Oh no doubt that was my first though. Perhaps I'll just replace <script> tags altogether with null =P. I'm not too worried about my userbase at the moment and will brainstorm on some proper escape handling!
Yeah, and if people expect a standard server and have access to the standard code, they might not expect script attacks to work - and it's even less of an issue if you run a strictly private server.

Still, it's nice to Do Things Properly. And don't write your own escaping, find some existing project - there's insane corner cases, including all sorts of unicode nastyness.
- carpe noctem

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 132
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: jQuery plaintext to hyperlink issue
« Reply #10 on: June 11, 2016, 03:54 PM »
Okay, so, none of that worked. At all. We just started a live game and the changes made only applied to the user's own messages. So urls would turn into hyperlinks only if you posted them, but no one else would see it as a hyperlink. The change also took away usernames for everyone else but the user playing.  :(
If I do it more than 2 times I want to automate it in C#!

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: jQuery plaintext to hyperlink issue
« Reply #11 on: June 13, 2016, 11:50 AM »
Sounds like you did the change before sending out the message, rather than immediality before displaying it? Also sounds like you're not doing proper escaping of the messages.
- carpe noctem

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 132
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: jQuery plaintext to hyperlink issue
« Reply #12 on: June 13, 2016, 12:58 PM »
Sounds like you did the change before sending out the message, rather than immediality before displaying it? Also sounds like you're not doing proper escaping of the messages.

Not sure I'm following any of that at all.
If I do it more than 2 times I want to automate it in C#!