Closed
11 changes: 7 additions & 4 deletions backend/src/chat/chat.ts
@@ -1,6 +1,6 @@
// server/chat.ts
import type { Server, Socket } from "socket.io";

import escapeHtml from "escape-html"; // npm install escape-html
⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify that the escape-html dependency is installed.

Ensure that escape-html has been added to package.json dependencies. Without it, the application will fail at runtime with a module not found error.

Run the following script to verify the dependency exists:


🏁 Script executed:

#!/bin/bash
# Description: Check if escape-html is listed in package.json dependencies

cat package.json | jq '.dependencies["escape-html"], .devDependencies["escape-html"]'

Length of output: 44


🏁 Script executed:

#!/bin/bash
# Find package.json files and check escape-html dependency

# Locate all package.json files
echo "=== Locating package.json files ==="
fd --type f "package.json"

echo ""
echo "=== Checking backend/package.json for escape-html ==="
if [ -f "backend/package.json" ]; then
  cat backend/package.json | jq '.dependencies["escape-html"], .devDependencies["escape-html"]'
else
  echo "backend/package.json not found"
fi

Length of output: 271


🏁 Script executed:

#!/bin/bash
# Display backend/package.json to confirm escape-html is missing

echo "=== Contents of backend/package.json ==="
cat backend/package.json | jq '.' | head -30

Length of output: 756


Add escape-html to backend/package.json dependencies.

The import statement on line 3 references the escape-html package, but it is not listed in backend/package.json dependencies. This will cause a module not found error at runtime. Add "escape-html": "^1.4.2" (or appropriate version) to the dependencies section in backend/package.json.

🤖 Prompt for AI Agents
In backend/src/chat/chat.ts around line 3, the code imports "escape-html" but
backend/package.json does not list it as a dependency; add "escape-html":
"^1.4.2" (or an appropriate version) to the "dependencies" section of
backend/package.json, run npm install (or yarn) to update package-lock.json (or
yarn.lock), and commit the updated package.json and lockfile so the module is
available at runtime.

// --- Simple in-memory per-room history ---
type HistItem = {
text: string;
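Review bot: the `// npm install escape-html` comment on the new import records an install step in a place where nothing enforces it; declare the package in backend/package.json and commit the updated lockfile so `npm ci` pulls it in, then drop the comment. Since chat.ts is TypeScript and escape-html does not ship its own type declarations, the default import will also need `@types/escape-html` as a devDependency (or a local `declare module "escape-html"`) to compile under strict settings.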
@@ -72,8 +72,11 @@ export function wireChat(io: Server, socket: Socket) {
// Broadcast a message to everyone in the chat room
socket.on("chat:message", (payload: ChatMessagePayload) => {
const { roomId, text, from, clientId, ts } = payload || {};
const safeText = (text || "").toString().trim().slice(0, 1000);
if (!roomId || !safeText) return;

if (!roomId || !text || !from) return;
let safeText = text.toString().trim();
safeText = safeText.slice(0, 1000);
safeText = escapeHtml(safeText);
Comment on lines +76 to +79

⚠️ Potential issue | 🟡 Minor

Validate text after trimming to prevent empty messages.

The current validation checks !text before trimming (line 76), but trimming happens afterward (line 77). This allows messages containing only whitespace (e.g., " ") to pass validation, resulting in empty messages being broadcast and stored after trimming.

Apply this diff to fix the validation order:

-     
-    if (!roomId || !text || !from) return;
-    let safeText = text.toString().trim();
+    if (!roomId || !from) return;
+    let safeText = text?.toString().trim();
+    if (!safeText) return;
     safeText = safeText.slice(0, 1000);
     safeText = escapeHtml(safeText);

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In backend/src/chat/chat.ts around lines 76 to 79, the code validates `text`
before trimming which lets whitespace-only messages pass; change the order so
you convert to string and trim first, then validate the trimmed result (return
if empty), then apply the 1000-char slice and escapeHtml. Ensure the validation
checks the trimmed string (e.g., `if (!roomId || !from || safeText.length === 0)
return`) so messages that are only whitespace are rejected.


const final = {
text: safeText,
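Review bot: `safeText = escapeHtml(safeText)` encodes for an HTML context at ingest, and that encoded string is what goes into `final` as `text: safeText`, so it is both broadcast and kept in the in-memory per-room history in encoded form. Any consumer that already treats message text as text (textContent, a framework that escapes on render, a plain-text or native client) will show `&lt;b&gt;` literally, and the history can no longer be used outside an HTML page without decoding. Keep the trimmed, length-limited raw text on the server and encode at the point of output; if server-side encoding is deliberately the policy, apply it to `from` as well, which this hunk now requires but passes through untrimmed, unbounded and unencoded. Three smaller points: the `!text` check runs before `.trim()`, so a whitespace-only message passes validation and is broadcast as an empty string (check the trimmed value: `if (!roomId || !from) return; const safeText = ...trim(); if (!safeText) return;`); `text.toString()` accepts any non-null value, so an object or array payload becomes `"[object Object]"` or a comma-joined list rather than being rejected (test `typeof text === "string"`); and the 1000-character slice runs before escaping, so the encoded result can be several times longer than the limit the slice was meant to enforce.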
Expand Down Expand Up @@ -123,4 +126,4 @@ export function wireChat(io: Server, socket: Socket) {
}
}
});
}
}
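The validate-then-encode flow that the two review comments above are about, written out as an added TypeScript example. This is not the PR's code or the project's chat.ts: the payload field names (roomId, text, from) and the 1000-character text limit follow the diff, while the 128/64 limits for roomId and from, the inline escapeHtml, the HTML renderer and the sample payloads are assumptions made for this example. It keeps the raw, trimmed, length-bounded text on the server and encodes only when HTML is produced, so a client that encodes on its own does not end up double-encoding.

```typescript
// Added example, not code from the PR or its repository. Field names
// (roomId, text, from) and the 1000-character text limit follow the diff;
// the 128/64 limits for roomId/from, the escapeHtml implementation and the
// HTML renderer are assumptions made for this example.

const MAX_TEXT_LEN = 1000;
const MAX_ROOM_LEN = 128;
const MAX_NAME_LEN = 64;

type ChatMessagePayload = {
  roomId?: unknown;
  text?: unknown;
  from?: unknown;
  clientId?: unknown;
  ts?: unknown;
};

type ValidatedMessage = {
  roomId: string;
  from: string;
  text: string; // trimmed and length-bounded, but NOT HTML-encoded
};

// Accept only real strings: `String(x)` or `x.toString()` would turn an
// object into "[object Object]" and an array into a comma-joined list.
// Trim first, then reject the empty result, then bound the length by code
// point so a 4-byte emoji at the cut-off is never split into a lone surrogate.
function cleanString(value: unknown, maxLen: number): string | null {
  if (typeof value !== "string") return null;
  const trimmed = value.trim();
  if (trimmed.length === 0) return null;
  return Array.from(trimmed).slice(0, maxLen).join("");
}

// Server-side validation for a "chat:message" payload. Returns null for
// anything that should be dropped; never throws on a malformed payload.
function validateChatMessage(payload: unknown): ValidatedMessage | null {
  const p = (payload ?? {}) as ChatMessagePayload;
  const roomId = cleanString(p.roomId, MAX_ROOM_LEN);
  const from = cleanString(p.from, MAX_NAME_LEN);
  const text = cleanString(p.text, MAX_TEXT_LEN);
  if (roomId === null || from === null || text === null) return null;
  return { roomId, from, text };
}

// Encoding for an HTML text/attribute context; the same five characters the
// escape-html package rewrites. Implemented inline so the example runs
// without the dependency.
const HTML_ESCAPES: Record<string, string> = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};
function escapeHtml(s: string): string {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c] ?? c);
}

// Output-time encoding: the consumer that builds HTML encodes every field it
// interpolates, the sender name included, at the moment it is interpolated.
function renderAsHtml(m: ValidatedMessage): string {
  return `<li><b>${escapeHtml(m.from)}</b>: ${escapeHtml(m.text)}</li>`;
}

// What a client that encodes on its own displays if the server also encoded
// at ingest: "&lt;b&gt;" appears literally instead of "<b>".
function doubleEncoded(text: string): string {
  return escapeHtml(escapeHtml(text));
}
```

`validateChatMessage` is the piece that would sit at the top of the `socket.on("chat:message", ...)` handler; the object it returns is what gets broadcast and stored, and `renderAsHtml` stands in for whichever consumer actually builds markup.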