diff --git a/ChatTwo/ChatTwo.csproj b/ChatTwo/ChatTwo.csproj
index 88a83fa..732e48a 100755
--- a/ChatTwo/ChatTwo.csproj
+++ b/ChatTwo/ChatTwo.csproj
@@ -55,7 +55,6 @@
-
diff --git a/ChatTwo/Http/Processing.cs b/ChatTwo/Http/Processing.cs
index 8ef0350..7d87ae0 100644
--- a/ChatTwo/Http/Processing.cs
+++ b/ChatTwo/Http/Processing.cs
@@ -1,16 +1,15 @@
 using System.Globalization;
+using System.Net;
 using ChatTwo.Code;
 using ChatTwo.Http.MessageProtocol;
 using ChatTwo.Util;
 using Dalamud.Game.Text.SeStringHandling.Payloads;
-using Ganss.Xss;
 namespace ChatTwo.Http;
 public class Processing
 {
 private readonly Plugin Plugin;
- private readonly HtmlSanitizer Sanitizer = new();
 public Processing(Plugin plugin)
 {
@@ -63,7 +62,7 @@ public class Processing
 // The emote name should be safe, it is checked against a list from BTTV.
 // Still sanitizing it for the extra safety.
 if (image is { Failed: false })
- return $"";
+ return $"";
 }
 var colour = text.Foreground;
@@ -84,7 +83,9 @@ public class Processing
 userContent = Plugin.ChatLogWindow.HidePlayerInString(userContent, player.Name.TextValue, player.HomeWorld.Id);
 }
- userContent = Sanitizer.Sanitize(userContent);
+ // HTML encode any user content to prevent xss
+ userContent = WebUtility.HtmlEncode(userContent);
+
 if (text.Link is UriPayload uri)
 userContent = $"{userContent}";
diff --git a/ChatTwo/packages.lock.json b/ChatTwo/packages.lock.json
index 1025f7b..ea40af7 100644
--- a/ChatTwo/packages.lock.json
+++ b/ChatTwo/packages.lock.json
@@ -17,17 +17,6 @@ "Unosquare.Swan.Lite": "3.1.0" } }, - "HtmlSanitizer": { - "type": "Direct", - "requested": "[8.1.870, )", - "resolved": "8.1.870", - "contentHash": "bQWYaKg8PrlgnhM9sPALl0UorpjWQkPTQiSTVyvm8imqF9lCLqBmtC0adUDi8xUYcdg6SJC+aHCw1MOjcg+Wnw==", - "dependencies": { - "AngleSharp": "[0.17.1]", - "AngleSharp.Css": "[0.17.0]", - "System.Collections.Immutable": "8.0.0" - } - }, "MessagePack": { "type": "Direct", "requested": "[2.5.140, )",
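Review bot: The comment `// Still sanitizing it for the extra safety.` directly above the changed `return $"";` line in the `@@ -63,7 +62,7 @@` hunk now describes a sanitizer this commit removes (the `Sanitizer` field and the `Ganss.Xss` import are deleted in the first hunk), so it no longer states what the line does. The markup of that return line did not survive this page, so I cannot confirm whether the emote name is now passed through `WebUtility.HtmlEncode` before being interpolated; if it is, the comment should say so, e.g. `// Still HTML-encoding it for the extra safety.`, and if it is not, the name needs the same encoding the user content receives further down. The enclosing method starts and ends outside the hunk.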
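Review bot: `WebUtility.HtmlEncode` is the right primitive for the text of `userContent`, but the two context lines after the added blank line in the `@@ -84,7 +83,9 @@` hunk wrap that encoded text in a link built from `text.Link` (`UriPayload uri`), and the markup of that line did not survive this page, so the URI handling cannot be reviewed here. An encoded text node does not protect an attribute: the old `HtmlSanitizer` also filtered attribute values, whereas `HtmlEncode` only covers the text, so the value interpolated into the link should be rejected unless its scheme is one the chat log expects (http/https) and should itself be HTML-encoded before it lands in the attribute. The sanitizer also let safe markup through while `HtmlEncode` escapes everything, so any content that relied on permitted tags now renders literally; that behaviour change belongs in the new comment, e.g. `// HTML-encode all user content (no markup is allowed through) to prevent XSS`. The enclosing method starts and ends outside the hunk.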
@@ -71,23 +60,6 @@ "Watson.Core": "6.2.2" } }, - "AngleSharp": { - "type": "Transitive", - "resolved": "0.17.1", - "contentHash": "5MPI4bbixlwxb0W/smOMeIR+QlxMy5/5jD+WnIAw4pBC+7AhLPe5bS3cLgQMJyvd6q0A48sG+uYOt/ep406GLA==", - "dependencies": { - "System.Buffers": "4.5.1", - "System.Text.Encoding.CodePages": "6.0.0" - } - }, - "AngleSharp.Css": { - "type": "Transitive", - "resolved": "0.17.0", - "contentHash": "bg0AcugmX6BFEi/DHG61QrwRU8iuiX4H8LZehdIzYdqOM/dgb3BsCTzNIcc1XADn4+xfQEdVwJYTSwUxroL4vg==", - "dependencies": { - "AngleSharp": "[0.17.0, 0.18.0)" - } - }, "CavemanTcp": { "type": "Transitive", "resolved": "2.0.2",
@@ -151,16 +123,6 @@ "SQLitePCLRaw.core": "2.1.6" } }, - "System.Buffers": { - "type": "Transitive", - "resolved": "4.5.1", - "contentHash": "Rw7ijyl1qqRS0YQD/WycNst8hUUMgrMH4FCn1nNm27M4VxchZ1js3fVjQaANHO5f3sN4isvP4a+Met9Y4YomAg==" - }, - "System.Collections.Immutable": { - "type": "Transitive", - "resolved": "8.0.0", - "contentHash": "AurL6Y5BA1WotzlEvVaIDpqzpIPvYnnldxru8oXJU2yFxFUy3+pNXjXd1ymO+RA0rq0+590Q8gaz2l3Sr7fmqg==" - }, "System.Memory": { "type": "Transitive", "resolved": "4.5.3",
@@ -171,14 +133,6 @@ "resolved": "6.0.0", "contentHash": "/iUeP3tq1S0XdNNoMz5C9twLSrM/TH+qElHkXWaPvuNOt+99G75NrV0OS2EqHx5wMN7popYjpc8oTjC1y16DLg==" }, - "System.Text.Encoding.CodePages": { - "type": "Transitive", - "resolved": "6.0.0", - "contentHash": "ZFCILZuOvtKPauZ/j/swhvw68ZRi9ATCfvGbk1QfydmcXBkIWecWKn/250UH7rahZ5OoDBaiAudJtPvLwzw85A==", - "dependencies": { - "System.Runtime.CompilerServices.Unsafe": "6.0.0" - } - }, "System.Text.Encodings.Web": { "type": "Transitive", "resolved": "8.0.0",