path: root/chat/js
Commit message [Author; Age; Files; Lines]
* Update da.js [Ronnie; 2016-08-23; 1; -3/+3]
|
* cs, whitespace tabs [Philip Nicolcev; 2016-05-03; 1; -3/+1]
|
* Update chat.js [Ronnie; 2016-05-03; 1; -1/+2]
|
* Merge pull request #199 from jsebean/master [Philip Nicolcev; 2016-05-01; 1; -0/+2]
|\
| |     Prevent malicious user from forcing Logout
| * Prevent malicious user from forcing Logout [jsebean; 2015-03-27; 1; -0/+2]
| |
| |     Due to the fact that AjaxChat does not use tokens to verify logouts were authorized by a chat user, a CSRF vulnerability was discovered that permitted a malicious chatter to post the chat's logout URL inside the img tags of a chat room, forcing all users, including moderators and administrators, to log out. It also prevents further users from logging in for a period of time due to the log inside the chat, until the image disappears from the log. This simple modification simply checks the URL inside the img code, checks for ?logout=true (part of the URL in ajax chat for logging out) and strips it. Ugly hack, but does the job. If one wanted to make it more complex they could also write it to check the domain and path of the chat, but doing so would allow someone to log out a user in one chat room who is logged in at the same time in another.
* | Fix up html5 support, don't load flash unless needed [Philip Nicolcev; 2016-05-01; 1; -65/+88]
| |
* | cs, closing bracket [Philip Nicolcev; 2016-04-30; 1; -1/+2]
| |
* | Merge branch 'html5audio' of https://github.com/jamrial/AJAX-Chat into jamrial-html5audio [Philip Nicolcev; 2016-04-30; 2; -34/+93]
|\ \
| | |     Conflicts: chat/js/chat.js chat/lib/template/loggedIn.html
| * | Add HTML5 audio support [James Almer; 2013-04-26; 2; -30/+88]
| | |
| | |     By default the chat will test for Flash, and if it's not available it will fall back to HTML5 audio. If a specific backend is selected and the browser doesn't support it, nothing will be played.
| | |     Signed-off-by: James Almer <jamrial@gmail.com>
* | | French lang typo. Closes #229 [Philip Nicolcev; 2016-04-25; 1; -1/+1]
| |/
|/|
* | corrected error of language translation :D [bomdia; 2014-07-22; 1; -2/+2]
| |
* | Merge from master [frug; 2014-07-19; 2; -3/+3]
|\ \
| * | use new addEvent function to bind events (see d31c9d807cb58f403ac427b05ad6fc6dc4deab3f) [Frug; 2014-07-01; 1; -13/+18]
| | |
| * | cleanup [Frug; 2014-07-01; 1; -21/+34]
| | |
| * | more cleanup [Frug; 2014-07-01; 1; -3/+1]
| | |
| * | cleanup [Frug; 2014-07-01; 1; -5/+1]
| | |
| * | cherry pick 14fcf5c from Sophist-UK for js debug [Sophist; 2014-07-01; 2; -17/+36]
| | |
| * | add banned and custom user groups, from marquisite's original pull request 53dc6cab045162d4be4ff75c779f0bb0ebf47bf5 [Frug; 2014-07-01; 1; -0/+2]
| | |
| * | play PM sound when sending PMs [Frug; 2014-07-01; 1; -225/+231]
| | |
| * | use custom PM sound (sound-7) in config [Frug; 2014-07-01; 2; -46/+34]
| | |
| * | handleCustomInfoMessage can override default handleInfoMessage by returning true [Frug; 2014-07-01; 1; -1/+4]
| | |
* | | handleCustomInfoMessage can override default handleInfoMessage by returning true [Frug; 2014-07-19; 1; -0/+2]
| | |
| | |     Conflicts: chat/js/chat.js
* | | Merge a bunch of changes from testing. Responsive layout, themes, PM color and sounds [Frug; 2014-07-19; 11; -1421/+1482]
|/ /
* | Scroll on a 50ms delay to hopefully solve some autoscroll browser issues [Frug; 2014-07-01; 1; -1/+6]
| |
* | show broken image on 404 to fix chrome autoscroll bug [Frug; 2014-07-01; 1; -4/+4]
| |
* | Strip all tags from [img] urls [Frug; 2014-06-29; 1; -2/+2]
| |
* | clear DOM buffer before reporting failed xml syntax. This is the cause of the img tag crash exploit when putting newlines in an img tag [Frug; 2014-06-28; 1; -0/+1]
| |
* | cleanup [Frug; 2014-01-22; 1; -2/+2]
| |
* | Adding private message sound capability [marquisite; 2014-01-16; 1; -1/+1]
| |
| |     By default, the new sound_7 soundFile uses the existing sound_1.mp3 file. To have an actual unique sound for private messaging an extra sound clip will be needed and the sound_7 sound file location updated - currently line 214 of config.js.
* | Adding private message sound capability [marquisite; 2014-01-11; 1; -2/+9]
| |
* | Adding private message sound capability [marquisite; 2014-01-11; 1; -2/+5]
| |
* | XML values are strings [Frug; 2013-12-17; 1; -5/+5]
| |
* | regex simplification [Frug; 2013-11-13; 1; -78/+46]
| |
* | Switch to Modified MIT License [Frug; 2013-11-08; 45; -45/+45]
| |
* | add /clear command [Frug; 2013-11-04; 1; -11/+19]
| |
* | cleanup, no type coercion [Frug; 2013-11-02; 1; -96/+96]
| |
* | Merge pull request #71 from Clinteger/master [Philip Nicolcev; 2013-11-01; 1; -1/+3]
|\ \
| | |     Fix browser-crashing bug
| * | Stops linebreaks from being inserted in an entity immediately following the end of a tag. [Clint Harrison; 2013-03-24; 1; -1/+3]
| |/
* | Dutch localization for regular Dutch [Frug; 2013-11-01; 2; -90/+182]
| |
* | Use array literal. [Frug; 2013-11-01; 1; -10/+9]
|/
* update bulgarian translation [borislav; 2013-03-17; 1; -91/+91]
|
* Update kr.js [Il'ya A. Lykov; 2013-03-06; 1; -26/+26]
|
* Update no.js [Il'ya A. Lykov; 2013-03-05; 1; -22/+22]
|
* var cleanup [Frug; 2013-03-05; 1; -8/+9]
|
* hoist var declarations, use implicit array/object declaration [Frug; 2013-03-05; 1; -24/+26]
|
* Update ru.js [Il'ya A. Lykov; 2013-03-05; 1; -2/+2]
|
* spanish lang file to utf8 (0.8.6-standalone) [Frug; 2013-03-02; 1; -18/+18]
|
* call setTimeout using anon functions, not quoted expressions [Frug; 2012-10-28; 1; -13/+15]
|
* refactor forced update and status display. Remove option to click to refresh [Frug; 2012-10-27; 1; -22/+40]
|
* javascript cleanup for timer functions and config comment [Frug; 2012-10-27; 2; -4/+10]
|
* rename portuguese languages to pt-xx [Frug; 2012-10-25; 2; -91/+91]
|
* danish language code is da not dk [Frug; 2012-10-25; 1; -0/+0]
|
* Improved dutch translation [Frug; 2012-10-25; 1; -39/+39]
|
* added portuguese localization [Frug; 2012-10-21; 1; -0/+92]
|
* added files for macedonian language [Frug; 2012-10-21; 1; -0/+9]
|
* fixed estonian. added Thai. [Frug; 2012-10-21; 2; -0/+183]
|
* Updated everything to 0.8.5a (0.8.5a) [Frug; 2012-10-18; 43; -0/+7154]

      Update readme.md