Hacker News: tejitopia's comments

I changed the title to just 'Stop Trying To Be Perfect' as you're right about it initially being slightly misleading. But hey, that's what it's about: iterating until we get better and better. Thank you again for the input. If you'd like, I'd love for you to sign up to my weekly newsletter :) I think you might enjoy it

https://teji.io/library/newsletter


Cheers, bookmarked.


Thank you for the input :) appreciate your take. I 100% agree, not even computers or code are perfect, hence the continual iteration of systems and machines year after year.


Ok, I think I fixed the XSS issue!


No more fun :)


Wow. It was working great at the start before people started spamming nsfw content and injecting html and css into the page. Will be taking down the site in the morning and working on version 2. I guess from this I can say there’s some demand?


Easy fix: In your script.js in the appendMessage function do this:

    const chatMessage = document.createElement("div");
    chatMessage.classList.add("chat-message");
    // Build the username label with DOM APIs as well: the username is user-controlled,
    // so it must not be interpolated into innerHTML either.
    const userLabel = document.createElement("span");
    userLabel.classList.add("username");
    userLabel.style.color = color;
    userLabel.textContent = `${username}: `;
    chatMessage.appendChild(userLabel);
    const userMessage = document.createElement("span");
    userMessage.innerText = message; // innerText/textContent never parse HTML
    chatMessage.appendChild(userMessage);
    chatContainer.appendChild(chatMessage);
    chatContainer.scrollTop = chatContainer.scrollHeight;


I love how people here actually check the source code of a website. So HN


It's unfortunate, though anything you make online now will be abused readily and should thus be hardened. By leaving it in the state it was, regular users were endangered.


Don't be dramatic, there was no danger.


Folks were spamming porn and posting your IP address to chat on your behalf. Being able to execute code in someone else’s browser is dangerous.


No it's not. Literally every website you visit can do that. It's called JavaScript and it's sandboxed.

You really think some rando that spins up a web server is significantly more trustworthy than a rando in a chat channel? Of course not, they're the same people.


Perhaps I might increase room limit to 10 users?

I'm trying to replicate the feeling of a hostel common room


Thank you for the feedback!

So far from users I've heard they want:

1) username visibility fix, making sure all colors are visible

2) removal of XSS

3) ability to see your own username (it's just "you" rn)

4) dark mode

Open to any and all suggestions :) My first full stack app. It's cool seeing it being used


Don't show people entering and leaving. It clutters the chat, and you don't need to be notified of people leaving as the ephemerality of this is pretty explicit. Larger group sizes to maintain coherence. Sanitize your inputs because this is REALLY NSFW now


This is a great comment. Will be implementing this in the next push.


Good luck polishing things up! I had a normal (non goatse'd) session the first try. It really recaptured the early internet vibe for me... loving your idea.


How can I fix this?


You can try escaping HTML submitted from the form. Or even simply detecting the presence of any HTML tag and rejecting such submissions with a friendly error message.


Ah yes! I will do this in the next version. Someone recommended leaving some of the XSS elements like the image and video function for the old school chat vibes, but I'm not sure what to do lmaooo


Old school chats and forums dealt with that with a special limited markup language for formatting and embedding images or other special elements like YouTube videos. Everything outside the limited markup options was treated as text, with < and > replaced by the HTML entities &lt; and &gt; so that HTML special characters display as text. It was called BBCode, if I recall correctly. It looked something like this:

[b]bold[/b] [i]italic[/i] [img]example.com/image.jpg[/img] [youtube]youtube.com/watch?v=someVideo[/youtube]


I like to use a small utility function like this and pass user input through it.

    function asTextContent(input) {
      const tempElement = document.createElement('span');
      tempElement.textContent = input;
      return tempElement.innerHTML;
    }
It will let the browser handle the escaping.
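A small renderer that combines the two ideas above, the BBCode subset from the earlier comment and the escape-everything rule from this one, as an added example that is not code from the thread or from the chat app; the tag set, treating a bare hostname as https, and the YouTube host check are my assumptions.

```javascript
// Added example (not from the thread): render a tiny BBCode subset safely.
// Every character of user input is HTML-escaped first; only whitelisted
// tags become markup, and embedded URLs must parse as http(s).
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
// Pure-string twin of the textContent/innerHTML trick, so it also runs in Node.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Accept "example.com/a.jpg" (https assumed, my choice) or an absolute http(s)
// URL; refuse javascript:, data: and anything that does not parse.
function parseHttpUrl(raw) {
  const withScheme = /^[a-z][a-z0-9+.-]*:/i.test(raw) ? raw : `https://${raw}`;
  try {
    const url = new URL(withScheme);
    return url.protocol === "https:" || url.protocol === "http:" ? url : null;
  } catch {
    return null;
  }
}

// HTML for [img]/[youtube], or null when the URL is refused.
function renderEmbed(kind, raw) {
  const url = parseHttpUrl(raw.trim());
  if (!url) return null;
  if (kind === "img") return `<img src="${escapeHtml(url.href)}" alt="">`;
  const id = url.searchParams.get("v") ?? "";
  if (url.hostname.replace(/^www\./, "") !== "youtube.com" || !/^[\w-]+$/.test(id)) return null;
  return `<iframe src="https://www.youtube.com/embed/${id}"></iframe>`; // id is [\w-]+ only
}

// [b]/[i] may nest; [img]/[youtube] wrap a bare URL with no brackets inside.
const TAG_RE = /\[(b|i)\]([\s\S]*?)\[\/\1\]|\[(img|youtube)\]([^\[\]]*)\[\/\3\]/g;

function renderBBCode(message) {
  const text = String(message);
  let html = "";
  let last = 0;
  for (const m of text.matchAll(TAG_RE)) {
    html += escapeHtml(text.slice(last, m.index)); // plain text between tags
    last = m.index + m[0].length;
    if (m[1]) {
      html += `<${m[1]}>${renderBBCode(m[2])}</${m[1]}>`;
    } else {
      html += renderEmbed(m[3], m[4]) ?? escapeHtml(m[0]); // refused embed stays visible text
    }
  }
  return html + escapeHtml(text.slice(last));
}
```

Because escaping happens before any tag is recognised, a pasted `<img onerror=...>` or `<style>` block is shown as text, while `[img]javascript:alert(1)[/img]` is left visible as the literal string the user typed rather than silently dropped.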


How can I fix this? this is my first full stack app I've built and it's nice seeing users interact with the site


https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Sc...

Edit: this focuses on script tags and other means to inject code, but most defenses also work for other injected tags


thank you for this resource :) going to look into that.

First time figuring out opsec!


That’s my mum who submitted that. She was submitting from the perspective of stylistically timeless goods. The wayfarer is a staple pair of glasses that never goes out of fashion


Perhaps repair over replace might be a better concept. Since you're right, and ironically things like this only make people want to buy more stuff when people probably already have exactly what they need. Yesterday I realised I was wearing a crappy shirt that was over seven years old and it was still holding up great. Thanks for your comment, you got me thinking about repositioning this!

