From d6bd4cc103dc5678d045b179bcd052dec76012c5 Mon Sep 17 00:00:00 2001
From: rob
Date: Sat, 30 Jul 2022 03:10:22 -0400
Subject: [PATCH] add filterText service method to strip HTML tags and Zalgo text
---
 app/services/chat.js | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/app/services/chat.js b/app/services/chat.js
index 1734766..f8e8a25 100644
--- a/app/services/chat.js
+++ b/app/services/chat.js
@@ -8,7 +8,8 @@ const mongoose = require('mongoose');
 const ChatMessage = mongoose.model('ChatMessage');
 const ioEmitter = require('socket.io-emitter');
-
+const striptags = require('striptags');
+const unzalgo = require('unzalgo');
 const { SiteService } = require('../../lib/site-lib');
@@ -44,6 +45,17 @@ class ChatService extends SiteService {
 params: { messageId: message._id },
 });
 }
+
+ /**
+ * Filters an input string to remove "zalgo" text and to strip all HTML tags.
+ * This prevents cross-site scripting and the malicious destruction of text
+ * layouts.
+ * @param {String} content The text content to be filtered.
+ * @returns the filtered text
+ */
+ filterText (content) {
+ return striptags(unzalgo.clean(content.trim()));
+ }
 }
 module.exports = {
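Review bot: The two new `require` calls at the top of `app/services/chat.js` bring in the third-party packages `striptags` and `unzalgo`, but the diffstat lists only that one file, so this commit does not show them being declared in the package manifest or pinned in the lockfile. If an earlier commit did not already add them, the service will fail when the module loads. Because the chat filter's safety now rests on how these two libraries behave, they should be pinned to exact, reviewed versions rather than a floating range.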
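Review bot: The docstring on `filterText` says the method "prevents cross-site scripting", which promises more than tag stripping delivers: the characters that remain are not encoded, so the result is not safe to place unescaped into attribute, URL or script contexts. I would reword that sentence to `Strips HTML tags and zalgo combining marks as defense in depth; callers must still escape the result for the output context.` Separately, `content.trim()` throws a TypeError when `content` is not a string, so a guard such as `if (typeof content !== 'string') { return ''; }` (or an explicit validation error) would make the handling of malformed message payloads deliberate. Whether callers already validate the type is not visible in this hunk. Because the trim runs before the two filters, a message made only of tags or combining marks can come back empty or whitespace-only, so any emptiness check belongs after this call.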