Filter bad words from claim address display name

-Also fix claim address success msg when 'Display Name' contains script tags

app.js

@@ -280,16 +280,30 @@ app.use('/ext/getaddresstxs/:address/:start/:length', function(req,res) {
 });
 
 app.post('/address/:hash/claim', function(req, res) {
-  lib.verify_message(req.body.address, req.body.signature, req.body.message, function(body) {
+  // initialize the bad-words filter
-    if (body == false) {
+  var bad_word_lib = require('bad-words');
-      res.json({'status': 'failed', 'error': true, 'message': 'Invalid signature'});
+  var bad_word_filter = new bad_word_lib();
-    } else if (body == true) {
+  
-      db.update_label(req.body.address, req.body.message, function() {
+  // clean the message (Display name) of bad words
-        res.json({'status': 'success'});
+  var message = bad_word_filter.clean(req.body.message);
-      });
+
-    } else
+  // check if the message was filtered
-      res.json({'status': 'failed', 'error': true, 'message': 'There was an error. Check your console.'});
+  if (message == req.body.message) {
-  });
+    // call the verifymessage api
+    lib.verify_message(req.body.address, req.body.signature, req.body.message, function(body) {
+      if (body == false) {
+        res.json({'status': 'failed', 'error': true, 'message': 'Invalid signature'});
+      } else if (body == true) {
+        db.update_label(req.body.address, req.body.message, function() {
+          res.json({'status': 'success'});
+        });
+      } else
+        res.json({'status': 'failed', 'error': true, 'message': 'There was an error. Check your console'});
+    });
+  } else {
+    // message was filtered which would change the signature
+    res.json({'status': 'failed', 'error': true, 'message': 'Display name contains bad words and cannot be saved: ' + message});
+  }
 });
 
 app.use('/ext/connections', function(req,res){

package.json

@@ -26,7 +26,8 @@
     "qr-image": "~3.2.0",
     "sass": "1.30.0",
     "json": "10.0.0",
-    "strip-json-comments-cli": "1.0.1"
+    "strip-json-comments-cli": "1.0.1",
+    "bad-words": "3.0.4"
   },
   "devDependencies": {
     "jasmine": "~3.6.3"

views/claim_address.pug

@@ -3,10 +3,13 @@ extends layout
 block content
   script.
     $(function () {
+        function displayAsText(str) {
+          return str.replace(/</g, '&#60;').replace(/>/g, '&#62;');
+        }
         function showClaimAlert(claimClass, warnMsg) {
           if ($('#claimAlert').length == 0)
             $('<div id="claimAlert"></div>').insertBefore('#claimForm');
-          $('#claimAlert').html('<div class="alert alert-' + claimClass + '"><div class="font-weight-bold" style="padding-bottom:10px;">' + (claimClass == 'success' ? 'Address claimed successfully' : (claimClass == 'danger' ? 'Failed to claim address' : 'Required field missing')) + '</div> ' + (claimClass == 'success' ? 'This address will now be referred to as <strong>"' + $('#message').val() + '"</strong> throughout the website' : (claimClass == 'danger' ? 'Invalid signature' : warnMsg)) + '.</div>');			
+          $('#claimAlert').html('<div class="alert alert-' + claimClass + '"><div class="font-weight-bold" style="padding-bottom:10px;">' + (claimClass == 'success' ? 'Address claimed successfully' : (claimClass == 'danger' ? 'Failed to claim address' : 'Required field missing')) + '</div> ' + (claimClass == 'success' ? 'This address will now be referred to as <strong>"' + displayAsText($('#message').val()) + '"</strong> throughout the website' : warnMsg) + '.</div>');			
         }
 
         $('#claimForm').on('submit', function (e) {
@@ -32,7 +35,7 @@ block content
                 'signature': signature
               },
               success: function (data) {
-                showClaimAlert((data.status == 'success' ? 'success' : 'danger'), '');
+                showClaimAlert((data.status == 'success' ? 'success' : 'danger'), data.message);
               }
             });
           }