Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

echo command no longer returns html tags #28

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dominicbraam
Copy link

Description

As stated in issue 25, you can insert html tags into the prompt and it will act as intended.

Fix

The replace function was used to replace html tags with "". On linux, by default, it does not parse characters like < and would need to escape it. Example:

2022-06-22-102033_804x217_scrot

For now it is a simple fix but as the other commands have cheesy responses, maybe instead of "removing" the tags and still outputting the text within them, respond with "Nice try!" ?

Closes: #25

@dhaloi
Copy link

dhaloi commented May 18, 2024

okay i might be a little late but i hope others see it.

export const echo = async (args: string[]): Promise<string> => {
  const string = args.join(' ');
  const regex = /<(?:(?:(?:(script|style|object|embed|applet|noframes|noscript|noembed)(?:\s+(?:"[\S\s]*?"|'[\S\s]*?'|(?:(?!\/>)[^>])?)+)?\s*>)[\S\s]*?<\/\1\s*(?=>))|(?:\/?[\w:]+\s*\/?)|(?:[\w:]+\s+(?:"[\S\s]*?"|'[\S\s]*?'|[^>]?)+\s*\/?)|\?[\S\s]*?\?|(?:!(?:(?:DOCTYPE[\S\s]*?)|(?:\[CDATA\[[\S\s]*?\]\])|(?:--[\S\s]*?--)|(?:ATTLIST[\S\s]*?)|(?:ENTITY[\S\s]*?)|(?:ELEMENT[\S\s]*?))))>/g;

  if (regex.test(string)) {
    return "nice try lmao";
  }

  return string.replace(regex, "");
};

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

echo command could expose app for script injection sort of...
2 participants