Scratch-www: Messages - Handle user-generated text overflow & sanitization

Created on 25 Sep 2017 · 6 Comments · Source: LLK/scratch-www

Diacritics such as "zalgo text" can overflow various notifications on the messages page.

image

bug security

All 6 comments

I'd say (for the zalgo text issue) make the speech bubble set to overflow:hidden?

Also consider that RTL override characters used to make the messages page look weird. (This isn't a problem on the new Messages page, but it's still worth thinking about when migrating other pages which contain user-generated text.)

@Kenny2github This isn't just for the speech bubble, but for every custom text a user can choose (invite to studio called x, new activity in studio/topic x, etc)

Interestingly enough, according to that screenshot, the text goes behind notifications that came before it, but in front of notifications that came after it.

That's probably just z-index @Kenny2github

@WorldLanguages Then all of those fields also need overflow: hidden;

I guess I should note that sanitization is more complex than "no combining characters" because languages other than English do use diacritics and other combining characters that are needed.
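
One way to act on the point in the last comment, alongside the CSS `overflow: hidden` fix, is to cap how many combining marks may stack on one character instead of stripping them all, and to drop the directional override characters mentioned earlier in the thread. This is an added example, not part of the original thread and not scratch-www code; the function names and the cap of 3 marks are assumptions.

```javascript
// Added example (not scratch-www code). Names and limits are assumptions.

// Assumed cap: ordinary text rarely stacks more than a few marks
// on a single base character, while zalgo text stacks dozens.
const MAX_MARKS = 3;

// Left-to-right and right-to-left override characters (U+202D, U+202E).
const BIDI_OVERRIDES = /[\u202D\u202E]/g;

// Trim any run of combining marks (Unicode general category M)
// down to at most maxMarks, keeping the first marks of the run.
function clampCombiningMarks(text, maxMarks = MAX_MARKS) {
  const longRun = new RegExp(`(\\p{M}{${maxMarks}})\\p{M}+`, 'gu');
  // NFC first, so base + mark pairs that have a precomposed form
  // (such as e + circumflex + acute) do not count against the cap.
  return text.normalize('NFC').replace(longRun, '$1');
}

// Sanitize one user-generated field (studio title, comment, topic name).
function sanitizeUserText(text, maxMarks = MAX_MARKS) {
  return clampCombiningMarks(text.replace(BIDI_OVERRIDES, ''), maxMarks);
}

// Count combining marks left in a string (used to check the result).
function countMarks(text) {
  return [...text].filter((ch) => /\p{M}/u.test(ch)).length;
}

// Constructed samples: decomposed Vietnamese, and "a" with 20 acute accents.
const legit = 'Tie\u0302\u0301ng Vie\u0323\u0302t';
const zalgo = 'a' + '\u0301'.repeat(20);

console.log(sanitizeUserText(legit));              // diacritics preserved
console.log(countMarks(sanitizeUserText(zalgo)));  // marks capped
console.log(sanitizeUserText('abc\u202Edef'));     // override removed
```

The cap limits vertical stacking only, so the affected fields still need the overflow rule discussed above.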
