chat: sanitize raw body

2022-11-16 08:00:04 -06:00 · 2022-11-16 08:00:04 -06:00 · d1197bac82
parent f1bfb87243
commit d1197bac82
2 changed files with 6 additions and 4 deletions
--- a/files/helpers/const.py
+++ b/files/helpers/const.py
@ -384,6 +384,7 @@ COMMENT_BODY_HTML_LENGTH_LIMIT = 20000 # do not make larger than 20000 character
 COMMENT_MAX_DEPTH = 200
 TRANSFER_MESSAGE_LENGTH_LIMIT = 200 # do not make larger than 10000 characters (comment limit) without altering the table
 MIN_REPOST_CHECK_URL_LENGTH = 9 # also change the constant in checkRepost() of submit.js
+CHAT_LENGTH_LIMIT = 1000
 TRUESCORE_DONATE_LIMIT = 100
 COSMETIC_AWARD_COIN_AWARD_PCT = 0.10
 TRUESCORE_CHAT_LIMIT = 0
@ -485,6 +486,8 @@ if SITE == 'rdrama.net':
 	SNAPPY_THREAD = 37749
 	NOTIFICATION_THREAD = 6489

+	CHAT_LENGTH_LIMIT = 200
+
 	TRUESCORE_CHAT_LIMIT = 10
 	TRUESCORE_GHOST_LIMIT = 10

--- a/files/routes/chat.py
+++ b/files/routes/chat.py
@ -59,14 +59,13 @@ def speak(data, v):

 	global messages, total

-	if SITE == 'rdrama.net': text = data['message'][:200].strip()
-	else: text = data['message'][:1000].strip()
+	text = sanitize_raw_body(data['message'], False)[:CHAT_LENGTH_LIMIT]
+	if not text: return '', 400

-	if not text: return '', 403
 	text_html = sanitize(text, count_marseys=True)
 	quotes = data['quotes']
 	recipient = data['recipient']
-	data={
+	data = {
 		"id": str(uuid.uuid4()),
 		"quotes": quotes,
 		"avatar": v.profile_url,