Webatrice P.O.C. (#3854)

* port webclient POC into react shell * Abstract websocket messaging behind redux store * refactor architecture * add rooms store * introduce application service layer and login form * display room messages * implement roomSay * improve Room view styling * display room games * improve gameList update logic * hide protected games * improve game update logic * move mapping to earlier lifecycle hook * add autoscroll to bottom * tabs to spaces, refresh guard * implement server joins/leaves * show users in room * add material-ui to build * refactor, add room joins/leaves to store and render * begin using Material UI components * fix spectatorsCount * remove unused package * improve Server and Room styling * fix scroll context * route on room join * refactor room path * add auth guard * refactor authGuard export * add missing files * clear store on disconnect, add logout button to Account view * fix disconnect handling * Safari fixes * organize current todos * improve login page and server status tracking * improve login page * introduce sorting arch, refine reducers, begin viewLogHistory * audit fix for handlebars * implement moderator log view * comply with code style rules * remove original POC from codebase * add missing semi * minor improvements, begin registration functionality * retry as ws when wss fails additionally, dont mutate the default options when connecting * retain user/pass in WebClient.options for login * take protocol off of options, make it a connect param that defaults to wss * cleanup server page styling * match wss logic with desktop client * add virtual scroll component, add context menu to UserDisplay * revert VirtualTable on messages * improve styling for Room view * add routing to Player view * increase tooltip delay * begin implementing Account view * disable app level contextMenu * implement buddy/ignore list management * fix gitignore Co-authored-by: Jay Letto <jeremy.letto@merrillcorp.com> Co-authored-by: skwerlman <skwerlman@users.noreply.github.com> Co-authored-by: Jeremy Letto <jeremy.letto@datasite.com>
2026-04-27 07:48:01 -07:00 · 2020-12-31 16:08:15 -06:00 · 2020-12-31 16:08:15 -06:00 · 0457e65751
commit 0457e65751
parent d5b36e8b8a
152 changed files with 19573 additions and 1071 deletions
--- a/webclient/src/WebClient/util/sanitizeHtml.util.tsx
+++ b/webclient/src/WebClient/util/sanitizeHtml.util.tsx
@ -0,0 +1,51 @@
+import $ from "jquery";
+
+export function sanitizeHtml(msg) {
+  const $div = $("<div>").html(msg);
+  const whitelist = {
+    tags: "br,a,img,center,b,font",
+    attrs: ["href","color"],
+    href: ["http://","https://","ftp://","//"]
+  };
+
+  // remove all tags, attributes, and href protocols except some
+  enforceTagWhitelist($div, whitelist.tags);
+  enforceAttrWhitelist($div, whitelist.attrs);
+  enforceHrefWhitelist($div, whitelist.href);
+
+  return $div.html();
+}
+
+function enforceTagWhitelist($el, tags) {
+  $el.find("*").not(tags).each(function() {
+    $(this).replaceWith(this.innerHTML);
+  });
+}
+
+function enforceAttrWhitelist($el, attrs) {
+  $el.find("*").each(function() {
+    var attributes = this.attributes;
+    var i = attributes.length;
+    while( i-- ) {
+      var attr = attributes[i];
+      if( $.inArray(attr.name,attrs) === -1 )
+        this.removeAttributeNode(attr);
+    }
+  });
+}
+
+function enforceHrefWhitelist($el, hrefs) {
+  $el.find("[href]").each(function() {
+    const $_el = $(this);
+    const  attributeValue = $_el.attr("href");
+
+    for (let protocol in hrefs) {
+        if (attributeValue.indexOf(hrefs[protocol]) === 0) {
+            $_el.attr("target", "_blank");
+            return;
+        }
+    }
+
+    $_el.removeAttr("href");        
+  });
+}