your-land/bugtracker
your-land
/
bugtracker
44
20
Code Issues 2.5k Projects 2 Wiki

strip escape codes from player-supplied input #3925

New Issue
Closed
opened 2023-03-04 01:15:14 +00:00 by flux · 9 comments
flux commented 2023-03-04 01:15:14 +00:00
Member
Copy Link

someone has been abusing this, see your-land/reports#509

we can certainly strip color codes out of any chat message sent by a user, if we so wish. i can't see any reason why we'd want that enabled.

and if color codes are possible, it should also be possible to send translator codes, which has ... weird possibilities, but i don't think anything malicious. but probably those should be stripped too.

someone has been abusing this, see https://gitea.your-land.de/your-land/reports/issues/509 we can certainly strip color codes out of any chat message sent by a user, if we so wish. i can't see any reason why we'd want that enabled. and if color codes are possible, it should also be possible to send translator codes, which has ... weird possibilities, but i don't think anything malicious. but probably those should be stripped too.
flux added the
1. kind/enhancement
3. source/integration
 labels 2023-03-04 01:15:14 +00:00
AliasAlreadyTaken commented 2023-03-04 15:52:54 +00:00
Owner
Copy Link

That's a UI problem and this is my approach:

DMs, Basic chat, be it in channels or in the open need to be decided by the RECEIVER which colour they are in, because they may have a preference, disability or use case for a certain colour.

Books, posters and signposts, anything that a receiver can opt out of receiving may be the colour the SENDER decides on.

Those colours should be configurable via yl_settings per account.

So, yes, let's strip colour codes out of messages for now until yl_settings.

That's a UI problem and this is my approach: DMs, Basic chat, be it in channels or in the open need to be decided by the RECEIVER which colour they are in, because they may have a preference, disability or use case for a certain colour. Books, posters and signposts, anything that a receiver can opt out of receiving may be the colour the SENDER decides on. Those colours should be configurable via yl_settings per account. So, yes, let's strip colour codes out of messages for now until yl_settings.
flux commented 2023-03-04 17:28:14 +00:00
Author
Member
Copy Link

Books, posters and signposts, anything that a receiver can opt out of receiving may be the colour the SENDER decides on.

i think those have their own way of coloring text, and don't require "actual" escape sequences involving \033?

> Books, posters and signposts, anything that a receiver can opt out of receiving may be the colour the SENDER decides on. i think those have their own way of coloring text, and don't require "actual" escape sequences involving `\033`?
flux commented 2023-03-04 17:56:28 +00:00
Author
Member
Copy Link

@AliasAlreadyTaken actually it seems like stripping color codes from chat is not something that's easy to do in lua, but there's a setting e66e583f5e/builtin/settingtypes.txt (L733-L735) strip_color_codes = true in minetest.conf

EDIT: that setting also strips non-color-code escape sequences, so no need to worry about translation escapes and other possibilities.

@AliasAlreadyTaken actually it seems like stripping color codes from chat is *not* something that's easy to do in lua, *but* there's a setting https://github.com/minetest/minetest/blob/e66e583f5e42441bdf17cd60f47174166f08e6d1/builtin/settingtypes.txt#L733-L735 `strip_color_codes = true` in minetest.conf EDIT: that setting also strips non-color-code escape sequences, so no need to worry about translation escapes and other possibilities.
AliasAlreadyTaken commented 2023-03-04 18:56:29 +00:00
Owner
Copy Link

This setting is already on true.

This setting is already on true.
flux commented 2023-03-04 19:34:45 +00:00
Author
Member
Copy Link

i've tested the behavior of the following things w/ colored escape sequences:

  • signs (signs_lib and display_modpack)
  • posters
  • mail
  • personal log
  • digilines channels
  • luacontrollers
  • shared chest names

so far as i can tell, escape sequences get stripped (or just don't work) with the vast majority of things, the exceptions being mail and the body of posters, and i don't feel like their usage there could be considered abuse.

so, i think that setting is all we need to do for this.

i've tested the behavior of the following things w/ colored escape sequences: * signs (signs_lib and display_modpack) * posters * mail * personal log * digilines channels * luacontrollers * shared chest names so far as i can tell, escape sequences get stripped (or just don't work) with the vast majority of things, the exceptions being mail and the body of posters, and i don't feel like their usage there could be considered abuse. so, i think that setting is all we need to do for this.
flux commented 2023-03-04 19:36:48 +00:00
Author
Member
Copy Link

This setting is already on true.

oh. so it is O_O. why isn't it working then...

> This setting is already on true. oh. so it is O_O. why isn't it working then...
flux commented 2023-03-04 19:48:36 +00:00
Author
Member
Copy Link

email to Bla:

i can't replicate this; it seems that colors are already stripped when a player sends any message via chat. can you provide more details?
email to Bla: ``` i can't replicate this; it seems that colors are already stripped when a player sends any message via chat. can you provide more details? ```
flux added the
4. step/question
 label 2023-03-04 19:48:46 +00:00
Bla commented 2023-03-04 20:04:19 +00:00
Copy Link

email to Bla:

i can't replicate this; it seems that colors are already stripped when a player sends any message via chat. can you provide more details?

it was a command block, see #3922 (comment)

> email to Bla: > > ``` > i can't replicate this; it seems that colors are already stripped when a player sends any message via chat. can you provide more details? > ``` it was a command block, see https://gitea.your-land.de/your-land/bugtracker/issues/3922#issuecomment-43833
flux commented 2023-03-04 20:12:56 +00:00
Author
Member
Copy Link

closing this as a dupe of #3922, which somehow never saw.

closing this as a dupe of #3922, which somehow never saw.
flux closed this issue 2023-03-04 20:12:56 +00:00
flux added
5. result/duplicate
 and removed
4. step/question
3. source/integration
 labels 2023-03-04 20:13:24 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
1. kind/balancing

Depends on balancing

  
1. kind/breaking

something that alters or disables an existing game mechanic

  
1. kind/bug

Something is not working

  
1. kind/construction

A build needs fixing

  
1. kind/documentation

Needs proper documentation

  
1. kind/enhancement

New feature

  
1. kind/griefing

players despoiling builds or nature

  
1. kind/invalid

Not a valid report, e.g. created by mistake with no content.

  
1. kind/meme

issue is mostly a joke

  
1. kind/node limit

something which works for or against the node limit

  
1. kind/other

Something not within the other kinds

  
1. kind/protocol

something concerning how staff should react to player requests, or how players should treat each other

  
2. prio/controversial

not likely to happen w/out a lot of discussion

  
2. prio/critical

Very important

  
2. prio/elevated

something players are eager to have fixed

  
2. prio/good first issue

the resolution to this is could be done by a new minetest contributor, who doesn't yet understand the mod ecosystem

  
2. prio/interesting

one of us has real interest in getting this implemented or fixed. however, more research might be needed.

  
2. prio/low

Not so important

  
3. source/art

art needs to be created or found for this to exist. includes sound, 3d modelling, and in-game building.

  
3. source/client

Issue is with the minetest client, or with player client configuration or the technical details of their setup

  
3. source/engine

Issue is due to a bug or feature of the minetest engine

  
3. source/ingame

Problem and solution exist in-game, e.g. builds or player moderation

  
3. source/integration

Two or more nonbuggy mechanics conflict, or our attempts to rectify conflicting mechanics have created a new bug

  
3. source/lag

A problem which is caused or made worse by lag, due to server processing issues, client processing issues, or network issues

  
3. source/license

A licensing problem is involved

  
3. source/mod upstream

Problem is upstream (not engine/client)

  
3. source/unknown

   
3. source/website

Affects the website

  
4. step/approved

Alias has approved this feature, someone should implement it

  
4. step/at work

Being worked on

  
4. step/blocked

we plan to do this, but other work has to be finished first

  
4. step/discussion

issue is under discussion, a solution has not been dictated or agreed upon

  
4. step/help wanted

Need some help

  
4. step/needs confirmation

   
4. step/partially fixed

this is mitigated or partially solved, but more work needs to be done

  
4. step/question

More information is needed

  
4. step/ready to deploy

has been QA tested by another person. has no outstanding issues. might be installed on prod, but needs final testing

  
4. step/ready to QA test

the code is supposedly fixed, but needs to be tested.

  
4. step/want approval

Someone can quickly implement this if Alias approves the change/feature

  
5. result/cannot reproduce

   
5. result/duplicate

This issue or pull request already exists

  
5. result/fixed

problem is fixed

  
5. result/maybe

not planned currently, but maybe some day

  
5. result/wontfix

the reported issue won't be changed, whether it's intentional or not.

  
ugh/petz

yet another petz bugz.

  
ugh/QA main

That's something we can only wait and see whether it hapens again: On the main server

  
ugh/QA NOK

Fix didn't yield the expected results

  
ugh/QA OK

tested

No Label
1. kind/balancing
1. kind/breaking
1. kind/bug
1. kind/construction
1. kind/documentation
1. kind/enhancement
1. kind/griefing
1. kind/invalid
1. kind/meme
1. kind/node limit
1. kind/other
1. kind/protocol
2. prio/controversial
2. prio/critical
2. prio/elevated
2. prio/good first issue
2. prio/interesting
2. prio/low
3. source/art
3. source/client
3. source/engine
3. source/ingame
3. source/integration
3. source/lag
3. source/license
3. source/mod upstream
3. source/unknown
3. source/website
4. step/approved
4. step/at work
4. step/blocked
4. step/discussion
4. step/help wanted
4. step/needs confirmation
4. step/partially fixed
4. step/question
4. step/ready to deploy
4. step/ready to QA test
4. step/want approval
5. result/cannot reproduce
5. result/duplicate
5. result/fixed
5. result/maybe
5. result/wontfix
ugh/petz
ugh/QA main
ugh/QA NOK
ugh/QA OK
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: your-land/bugtracker#3925
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?