Allows only specific unicode characters for username

Added a function to remove all characters apart from characters which fall under the unicode categories of letters and numbers. Also added a list of allowed special characters.
2025-01-09 19:27:28 -03:00 · 2024-03-08 20:50:37 +05:30 · 2024-03-08 20:50:37 +05:30 · ad61786b0f
commit ad61786b0f
parent fe7bd43f04
1 changed files with 20 additions and 2 deletions
--- a/cli/onionshare_cli/web/chat_mode.py
+++ b/cli/onionshare_cli/web/chat_mode.py
@ -17,6 +17,7 @@ GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
+import unicodedata

 from flask import request, render_template, make_response, jsonify, session
 from flask_socketio import emit, ConnectionRefusedError
@ -47,11 +48,28 @@ class ChatModeWeb:

        self.define_routes()

+    def remove_unallowed_characters(self, text):
+        allowed_unicode_categories = [
+            'L',    # All letters
+            'N',    # All numbers
+        ]
+        allowed_special_characters = [
+            '-',    # dash
+            '_',    # underscore
+            ' ',    # single space
+        ]
+
+        def allowed_character(ch):
+            return unicodedata.category(ch)[0] in allowed_unicode_categories or ch in allowed_special_characters
+
+        return "".join(
+            ch for ch in text if allowed_character(ch)
+        )
+
    def validate_username(self, username):
-        username = username.strip()
+        username = self.remove_unallowed_characters(username.strip())
        return (
            username
-            and username.isascii()
            and username not in self.connected_users
            and len(username) < 128
        )