I created an ephemeral group chat app for strangers

[+] Banditoz|2 years ago|reply

Neat little project, but you can pass HTML tags directly into the chat! <script> doesn't seem to run, but <img> can load from external sites. Be careful!

[+] tejitopia|2 years ago|reply

How can I fix this? this is my first full stack app I've built and it's nice seeing users interact with the site

[+] mariansam|2 years ago|reply

Lots of awful porn gifs spam, even from my account because there are security issues that allowed other group members to send messages with my nick

[+] pringk02|2 years ago|reply

Really wanted to enjoy this, but it seemed like the room size of 5 was way too small. People would pop in and out endlessly hoping for some bustle but none seemed to be able to build.

What chat I did get really recreated the 14 year old edgelords in chatrooms experience though. Lots of porn gif spamming

[+] tejitopia|2 years ago|reply

Perhaps I might increase room limit to 10 users?

I'm trying to replicate the feeling of a hostel commonroom

[+] nusl|2 years ago|reply

Beyond broken and unsuitable for public release. Take it down and fix it.

[+] tejitopia|2 years ago|reply

Wow. It was working great at the start before people started spamming nsfw content and injecting html and css into the page. Will be taking down the site in the morning and working on version 2. I guess from this I can say there’s some demand?

[+] flanked-evergl|2 years ago|reply

You should disable gif/image rendering by default and make it opt-in, this is basically a link to porn right now and HN should take it down.

[+] jjbinx007|2 years ago|reply

2 observations:

I couldn't figure out what my username was, I had to ask in the chat.

It's possible to embed recursive iframes, so I can see that being exploited for bad things.

Otherwise I like the idea. People in the chat were nice, but I can't help but think that soon chat rooms will be full of chatGPT bots and nobody will be any the wiser!

[+] tejitopia|2 years ago|reply

Thank you for the feedback!

So far from users I've heard they want:

1) username visibility fix making sure all colors are visible 2) removal of xss 3) ability to see your own username (its just "you" rn) 4) dark mode

open to any and all suggestions :) my first full stack app. its cool seeing it being used

[+] acheong08|2 years ago|reply

[+] bossyTeacher|2 years ago|reply

what about it? you can't insert an iframe in the chat, I tried ;)

[+] bagels|2 years ago|reply

Site is susceptible to some kind of css attack. Too bad.

[+] unknown|2 years ago|reply

[deleted]

[+] tejitopia|2 years ago|reply

How can I fix this?

[+] gtroja|2 years ago|reply

I was having fun, but the message feed started bugging out :( (a lot of messages of broken images and 'meow' text)

[+] unknown|2 years ago|reply

[deleted]

[+] someuser54541|2 years ago|reply

Some user was able to open a browser modal with a custom message in everyones browser. Any ideas how they did that?

[+] bean-weevil|2 years ago|reply

https://en.wikipedia.org/wiki/Cross-site_scripting

The author of the site was naughty and didn't do any sanitization :) They said they've fixed it in another comment, though.

36 comments