From 484b695965f367c75967507d60872a4b4ba8f7b4 Mon Sep 17 00:00:00 2001
From: calzoneman <calzoneman@gmail.com>
Date: Fri, 29 Aug 2014 15:47:56 -0500
Subject: [PATCH] Disallow ASCII control characters in messages

---
 lib/channel/chat.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/channel/chat.js b/lib/channel/chat.js
index 606d83b7..ce674612 100644
--- a/lib/channel/chat.js
+++ b/lib/channel/chat.js
@@ -116,7 +116,13 @@ ChatModule.prototype.handleChatMsg = function (user, data) {
         return;
     }
 
-    data.msg = data.msg.substring(0, 240);
+    // Limit to 240 characters, disallow all ASCII control characters except tab (\t)
+    data.msg = data.msg.substring(0, 240).replace(/[\x00-\x08\x0a-\x1f]+/g, " ");
+
+    // Disallow blankposting
+    if (!data.msg) {
+        return;
+    }
 
     if (!user.is(Flags.U_LOGGED_IN)) {
         return;