From 2d734b9f00ac8728b0f81376b2f12b3b8b968f46 Mon Sep 17 00:00:00 2001
From: joeuhren <46763106+joeuhren@users.noreply.github.com>
Date: Tue, 22 Dec 2020 18:06:40 -0700
Subject: [PATCH] Filter bad words from claim address display name

-Also fix claim address success msg when 'Display Name' contains script tags
---
 app.js | 34 ++++++++++++++++++++++++----------
 package.json | 3 ++-
 views/claim_address.pug | 7 +++++--
 3 files changed, 31 insertions(+), 13 deletions(-)

diff --git a/app.js b/app.js
index 9b3e90d..82d4cbb 100644
--- a/app.js
+++ b/app.js
@@ -280,16 +280,30 @@ app.use('/ext/getaddresstxs/:address/:start/:length', function(req,res) {
 });
 
 app.post('/address/:hash/claim', function(req, res) {
-  lib.verify_message(req.body.address, req.body.signature, req.body.message, function(body) {
-    if (body == false) {
-      res.json({'status': 'failed', 'error': true, 'message': 'Invalid signature'});
-    } else if (body == true) {
-      db.update_label(req.body.address, req.body.message, function() {
-        res.json({'status': 'success'});
-      });
-    } else
-      res.json({'status': 'failed', 'error': true, 'message': 'There was an error. Check your console.'});
-  });
+  // initialize the bad-words filter
+  var bad_word_lib = require('bad-words');
+  var bad_word_filter = new bad_word_lib();
+
+  // clean the message (Display name) of bad words
+  var message = bad_word_filter.clean(req.body.message);
+
+  // check if the message was filtered
+  if (message == req.body.message) {
+    // call the verifymessage api
+    lib.verify_message(req.body.address, req.body.signature, req.body.message, function(body) {
+      if (body == false) {
+        res.json({'status': 'failed', 'error': true, 'message': 'Invalid signature'});
+      } else if (body == true) {
+        db.update_label(req.body.address, req.body.message, function() {
+          res.json({'status': 'success'});
+        });
+      } else
+        res.json({'status': 'failed', 'error': true, 'message': 'There was an error. Check your console'});
+    });
+  } else {
+    // message was filtered which would change the signature
+    res.json({'status': 'failed', 'error': true, 'message': 'Display name contains bad words and cannot be saved: ' + message});
+  }
 });
 
 app.use('/ext/connections', function(req,res){
diff --git a/package.json b/package.json
index c68685f..cd8d83b 100644
--- a/package.json
+++ b/package.json
@@ -26,7 +26,8 @@
     "qr-image": "~3.2.0",
     "sass": "1.30.0",
     "json": "10.0.0",
-    "strip-json-comments-cli": "1.0.1"
+    "strip-json-comments-cli": "1.0.1",
+    "bad-words": "3.0.4"
   },
   "devDependencies": {
     "jasmine": "~3.6.3"
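Review bot: `bad_word_filter.clean(req.body.message)` runs before anything confirms that `req.body.message` is a string, so a request with the field missing or sent as a number/object will throw inside the handler instead of producing the JSON failure response the rest of this route uses; add `if (typeof req.body.message !== 'string') return res.json({'status': 'failed', 'error': true, 'message': 'Invalid message'});` ahead of the clean call. The word-list check is not sanitization: a name that passes it is still stored raw by `db.update_label(req.body.address, req.body.message, ...)`, so every view that renders the label must keep escaping it (the pug change in this commit covers only the claim-page alert), and the filter should not be relied on as a security control. Requiring the module and constructing the filter on every request is unnecessary work; hoist `var bad_word_lib = require('bad-words');` and the `new bad_word_lib()` to module scope beside the file's other requires. The `'There was an error. Check your console'` string also silently lost its trailing period versus the removed line, which looks unintended.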
diff --git a/views/claim_address.pug b/views/claim_address.pug index bb625e8..9a2f0d5 100644 --- a/views/claim_address.pug +++ b/views/claim_address.pug @@ -3,10 +3,13 @@ extends layout block content script. $(function () { + function displayAsText(str) { + return str.replace(//g, '>'); + } function showClaimAlert(claimClass, warnMsg) { if ($('#claimAlert').length == 0) $('
').insertBefore('#claimForm'); - $('#claimAlert').html('