A super simple chatroom that is fast and secure
Vandesm14 (1286)

Hate the fact that you either don't have Discord or don't have access to it? Well, now you can enjoy the fun of human-to-human communication through LowChat, a high performance chat engine with a simplistic design. No need to worry about a company (or me) spying on you, just fork the repl to make it your own! LowChat features a logless chat engine, meaning all of your messages are never stored, only received by the other end and nothing else. If you would like to build a bot for LowChat, it's totally possible (REST API coming soon). It runs off of a single "message" event, allowing the ease of use by any bot maker!

This system is a bit wonky with a couple of extra security features which didn't work. I am in the process of polishing up the site to keep it working properly!

Cheers!
FAQ:
Admin commands? No, not yet.

pyelias (923)

Your sanitize function doesn't work when given a string like <script 
>. You could fix this by just replacing all angle brackets with &lt; &gt; (I think, that might have problems too).

Vandesm14 (1286)

@pyelias Wait, do you mean it doesn't sanitize on your side? It's not supposed to. It only sanitizes for the other members.

pyelias (923)

@Vandesm14 No, I mean you can XSS everyone in the chat by including a Unicode line separator (U+2028) in an HTML tag. I've tested this on myself (in another tab) and other people.

Vandesm14 (1286)

@pyelias Ah. I will get to that as soon as possible. Thanks for telling me!

pyelias (923)

@Vandesm14 You also might want to stop sockets from initing multiple times, and from re-using names.