Share your repls and programming experiences

← Back to all posts
A super simple chatroom that is fast and secure
h
Vandesm14 (1285)

Hate the fact that you either don't have discord or don't have access to it? Well now you can enjoy the fun of human to human communication though LowChat, a high performance chat engine with a simplistic design. No need to worry about a company (or me) spying on you, just fork the repl to make it your own! LowChat features a logless chat engine, meaning all of your messages are never stored, only recieved by the other end and nothing else. If you would like to build a bot for LowChat, it's totally possible (rest api coming soon). It runs off of a single "message" event, allowing the ease of use by any bot maker!

This system is a bit wonky with a couple of extra security features which didn't work. I am in the process of polishing up the site to keep it working properly!

Cheers!
FAQ:
Admin commands? No, not yet.

Commentshotnewtop
pyelias (923)

Your sanitize function doesn't work when given a string like <script 
>. You could fix this by just replacing all angle brackets with &lt; &gt; (I think, that might have problems too).

Vandesm14 (1285)

@pyelias Wait, do you mean it doesn't sanitize on your side? It's not supposed to. It only sanitizes for the other members.

pyelias (923)

@Vandesm14 No, I mean you can xss everyone in the chat by including a unicode line separator (u+2028) in an html tag. I've tested this on myself (in another tab) and other people.

Vandesm14 (1285)

@pyelias Ah. I will get to that as soon as possible. Thanks for telling me!

pyelias (923)

@Vandesm14 You also might want to stop sockets from initing multiple times, and from re-using names.

bitnetwork (1)

You can do some XXS without it triggering the sanitize regex by not properly closing a tag like so: <img src='nonexistantfile.html' onerror='alert()'

Vandesm14 (1285)

@bitnetwork That's been fixed in the new update!

LD1 (17)

Amazing. Maybe add a password feature, so you can create a room, and set a password, so only those with the password can access

Vandesm14 (1285)

@LD1 That's planned in the next update!

Vandesm14 (1285)

@LD1 Wait, do you mean it doesn't sanitize on your side? It's not supposed to. It only sanitizes for the other members.

LD1 (17)

@Vandesm14 Did you mean to send that comment to pyelias?

Vandesm14 (1285)

@LD1 Uhh...Yes. Lol. My mistake!

LD1 (17)

Love the new update. I do think that it should ask you what you want your username to be, instead of you having to set a new one each time. I noticed that your using cookies, but it doesn't save your name/nickname for the next time or when you reload. It would be nice if it checked to see if you had a name saved in cookies before giving you a new random name

Vandesm14 (1285)

@LD1 It should be caching your username and the chatlogs. If it's not, make sure you have localStorage enabled.

LD1 (17)

@Vandesm14 Oh yeah. All my cookies get removed on reload. Lol sorry

Vandesm14 (1285)

Hello all! I am letting you guys know that I've updated the servers to Lowchat V2! V2 is much more secure and has way more commands than V1. I will ask that you place any feedback for Lowchat V2 here

Desireless (0)

Amazing, I liked the simplistic design!

Vandesm14 (1285)

@Desireless Thanks! It's supposed to be a bit nostalgic from the days of IRC.

JacksonCowie (21)

Great Project, looking forward to see this Develop!

Vandesm14 (1285)

@JacksonCowie Thanks. I'm working on fixing all of the issues and releasing a new update!

LD1 (17)

I noticed that if you type enough messages so it fills up the screen, instead of making the page longer, the messages just get closer together as you type.

LD1 (17)

I would appreciate it if the message bar stuck to the bottom of the page, and if you click on it, and your not at the bottom of the messages, then it sends you to the bottom.

Vandesm14 (1285)

@LD1 Fixing the chatlog is on the list. I'm not sure why it keeps breaking, but I will add auto-scroll as well!

[deleted]

Wow! This is great! I have one suggestion. Maybe on the homepage, you can provide urls to the most visited chatrooms. For example:

Most Popular Chatrooms:
1. /chatroom/
2. /coolthings/
3. /lowchatters/

Besides that, I think this has a lot of potential!

Vandesm14 (1285)

@ryaalbr Interesting idea. I'm thinking of making a link to the /root chatroom (which I use a bit). But a public listing of the active chatrooms might be a bit too much of a security problem as some people would want their rooms private. In the next update, this will most likely happen though as I am reworking the code to support admin commands and username registration.

LD1 (17)

@Vandesm14 You could show the most visited rooms, and the people who created the room can choose to have a password or not. That way, even if someone has a link to it, they still need a password if the room owner wants it that way.

Vandesm14 (1285)

@LD1 Good point. As password-protected rooms are coming soon, I will make sure to include this in the next update!

ash15khng (473)

Nice! I have a suggestion, could you add a way to join a room which is not by adding to a URL? (you can maybe add a text box?)

Vandesm14 (1285)

@ash15khng If you go to the homepage "/" there is an input box (autofocused) for you to input a room name. Should I make it more clear that there is an input box?

ash15khng (473)

@Vandesm14 Wow I didn't notice that sorry.

XavierDD (63)

Nice idea. Though it could be logged with a bot/program that is running in the server though, right?

Vandesm14 (1285)

@XavierDD Yes. You could have a bot track the messages in a room and store them to a log. But this is really difficult to detect and prevent so there isn't any current implementation of a protection against this.