strip all illegal characters

diff --git a/ND/Web/Forum.pm b/ND/Web/Forum.pm
index a7804744ddf7bab6a02e944e14d2e742c12ba463..6b122c67e30122e36a8a11320db66388bb339179 100644 (file)
--- a/ND/Web/Forum.pm
+++ b/ND/Web/Forum.pm
@@ -58,7 +58,11 @@ ORDER BY fp.time ASC
                my $text = parseMarkup(escapeHTML(param('message')));
                $text .= p b $@ if $@;
                push @posts,{message => $text, unread => 1, username => 'PREVIEW', Time => 'Not submitted yet', NewPosts => $old ? 1 : 0};
-               $template->param(Message => escapeHTML param('message'));
+
+               $text = escapeHTML param('message');
+               $text =~ s/\x{3}\d\d?//g; #mirc color TODO: possibly match until \x{0F} and change to [color] block
+               $text =~ s/[^\x{9}\x{A}\x{D}\x{20}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]//g;
+               $template->param(Message => $text);
        }
        $template->param(Posts => \@posts);
 

diff --git a/ND/Web/XMLPage.pm b/ND/Web/XMLPage.pm
index b7e70151488fe02f7d40c349e13aa8fe0c0e0fb5..853ef42e7e48a1019f9f90c025da0fa3fc6947b1 100644 (file)
--- a/ND/Web/XMLPage.pm
+++ b/ND/Web/XMLPage.pm
@@ -129,6 +129,7 @@ sub render : method {
        $template->param(Error => $ND::ERROR);
        $template->param(BODY => $body->output);
        my $output = $template->output;
+       $output =~ s/[^\x{9}\x{A}\x{D}\x{20}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]//g;
        print header(-type=> $type, -charset => 'utf-8', -Content_Length => length $output);
        print $output;
 };