Source.Python forums


https://www.sourcepython.com/

Remove Unsafe Characters

https://www.sourcepython.com/viewtopic.php?f=20&t=1305

Page 1 of 1

Remove Unsafe Characters

Posted: Tue Aug 23, 2016 9:39 am
by decompile
Hey,

Im currently on thinking about adding a "player connect/disconnect announcer" and thought about what fixes are needed since players can completly modify their names.

After abit of google research I created a function which returns a save name which i can use in Saytext2

Syntax: Select all

unsafeLetters = [r"\a", r"\b", r"\f", r"\n", r"\r", r"\t", r"\v", r"%s"]
def getSaveString(string):
    """ Strips colorcodes and newlinecharacters"""
    newstring = ""
    for x in string:
        if ord(x) > 8:
            newstring += x
    newstring = repr(newstring)
    for x in unsafeLetters:
        newstring = newstring.replace(x, r"\\"+x)
    newstring = eval(newstring)
    return newstring


I havent tested it yet. + I dont know what happens when a player joins with "%s"

Re: Remove Unsafe Characters

Posted: Tue Aug 23, 2016 5:44 pm
by kalle
Wouldn't it be easier to allow only certain characters? Would be better to allow things you know that there are not harmful, eg a-zA-Z0-9-_ and so on. Is called regular expressions and should work beautiful with python :)

Re: Remove Unsafe Characters

Posted: Tue Aug 23, 2016 6:10 pm
by arawra
If you're worried about unsafe characters, you may also want to replace many unicode characters.

Re: Remove Unsafe Characters

Posted: Wed Aug 24, 2016 12:45 am
by decompile
I guess there are no other unsafe characters than those above. Maybe %s needs to be fixed kinda, seems it doesnt work with the top function.

Lets take an example connect message.

PlayerName: %s test

Code: Select all

Player %s test connected from Reserved.


Using this in a SayText2 message, just prints me

Code: Select all

Player


So how could I actually prevent this message to get corrupted without replacing %s

Re: Remove Unsafe Characters

Posted: Wed Aug 24, 2016 5:22 pm
by iPlayer

Syntax: Select all

from filters.players import PlayerIter
from messages import SayText2


def load():
    for player in PlayerIter('human'):
        SayText2("Player {} connected from Reserved.".format(player.name)).send(player.index)
        break

Works fine for me.
As for color codes, I haven't been able to include "\x07" byte nor, for example, "\x02" byte in my steam nickname. It was just stripped. I tried both desktop app and web interface.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/