Add exception handling to HTML escaping in compatibility modes with RipURQ and URQ_DOS

Author: tseykovets

js/Client.js

@@ -169,13 +169,13 @@ Client.prototype.drawText = function () {
     this.crtlTextField.empty();
 
     $.each(GlobalPlayer.text, function(index, text) {
+        var content = text[0];
         // RipURQ and URQ_DOS do not support HTML
-        var div;
         if (['ripurq', 'dosurq'].includes(Game.getVar('urq_mode'))) {
-            div = $('<div>').text(text[0]);
-        } else {
-            div = $('<div>').html(text[0]);
+            // <br> tag can be generated by #/$ construct from URQL code
+            content = getEscapedHtmlWithAllowedTags(content, ['br']);
         }
+        var div = $('<div>').html(content);
 
         if (div.find('*:not(a, s, b, small, span, q, i)').length == 0) {
             div.addClass('text');
@@ -249,7 +249,8 @@ Client.prototype.drawButtons = function () {
             var description = button.desc;
             // RipURQ and URQ_DOS do not support HTML
             if (['ripurq', 'dosurq'].includes(Game.getVar('urq_mode'))) {
-                description = $('<div>').text(description).html();
+                // <br> tag can be generated by #/$ construct from URQL code
+                description = getEscapedHtmlWithAllowedTags(description, ['br']);
             }
             if (settings['numeric_keys']) {
                 description = '<b>' + (index + 1) + ':</b> ' + description;

js/tools.js

@@ -153,6 +153,46 @@ function murmurhash3_32(str) {
     }
 }
 
+/**
+ * @param {string} content with HTML
+ * @param {array} allowed tags
+ */
+function getEscapedHtmlWithAllowedTags(html, allowedTags) {
+    if (!allowedTags || !Array.isArray(allowedTags)) {
+        allowedTags = [];
+    }
+
+    // Regular expression for searching tags and text
+    var tagRegex = /<([^>]+)>|[^<>]+/g;
+
+    // Function to process each part
+    function processPart(match) {
+        // If it is a tag
+        if (match.startsWith('<')) {
+            var content = match.slice(1, -1);
+            var tagName = content.match(/^\/?\s*([a-zA-Z]+)/);
+            
+            if (tagName && allowedTags.includes(tagName[1].toLowerCase())) {
+                return match; // Return the tag as is
+            }
+            
+            // Escape disallowed tag
+            return match
+                .replace(/</g, '&lt;')
+                .replace(/>/g, '&gt;');
+        }
+        
+        // If it is text, escape only the necessary characters
+        return $('<div>')
+            .text(match)
+            .html()
+            .replace(/&amp;/g, '&'); // Restore ampersands
+    }
+
+    // Split the HTML into parts and process each one
+    return html.replace(tagRegex, processPart);
+}
+
 /**
  * @param {string} value
  */