From 71777138bee8e5671de94ed98cfa9072fa2d2ba8 Mon Sep 17 00:00:00 2001
From: steveseguin <punkrawker@gmail.com>
Date: Fri, 29 Dec 2023 13:23:33 -0500
Subject: [PATCH] fix for vimm's escaping

---
 background.js |  8 ++++----
 manifest.json |  4 ++--
 vimm.js       | 28 ++++++++++++++++++----------
 wss/vimm.js   | 27 +++++++++++++++++----------
 4 files changed, 41 insertions(+), 26 deletions(-)

diff --git a/background.js b/background.js
index 5b905836..211b7b51 100644
--- a/background.js
+++ b/background.js
@@ -2368,10 +2368,10 @@ function highlightWaitlist(n=0){
 function shuffle(array) { // https://stackoverflow.com/questions/2450954/how-to-randomize-shuffle-a-javascript-array
 	var currentIndex = array.length,  randomIndex;
 	while (currentIndex > 0) {
-	randomIndex = Math.floor(Math.random() * currentIndex);
-	currentIndex--;
-	[array[currentIndex], array[randomIndex]] = [
-		array[randomIndex], array[currentIndex]];
+		randomIndex = Math.floor(Math.random() * currentIndex);
+		currentIndex--;
+		[array[currentIndex], array[randomIndex]] = [
+			array[randomIndex], array[currentIndex]];
 	}
 	return array;
 }
diff --git a/manifest.json b/manifest.json
index 0d2f6f61..7ec3c949 100644
--- a/manifest.json
+++ b/manifest.json
@@ -13,7 +13,7 @@
   },
   "content_security_policy": "script-src 'self' ./thirdparty/tf.min.js 'unsafe-eval'; object-src 'self'",
   "permissions": [
-		"webNavigation", "https://socialstream.ninja/wss/*", "https://cozy.tv/*", "https://play.afreecatv.com/*?vtype=chat", "https://kiwiirc.com/nextclient/*", "https://webchat.quakenet.org/*", "https://*.cbox.ws/box/*", "https://tellonym.me/*", "https://*.wix.com/*", "https://chat.castr.io/*", "https://editor.wixapps.net/render/prod/modals/wix-vod-widget/*", "https://www.twitter.com/*", "https://twitter.com/*", "https://app.sli.do/event/*","https://admin.sli.do/event/*", "https://*.rokfin.com/popout/chat/*","https://rokfin.com/popout/chat/*", "https://instafeed.me/*", "https://meet.google.com/*", "https://play.quickchannel.com/*", "https://kick.com/*/chatroom", "https://chatroll.com/embed/chat/*", "https://www.nimo.tv/popout/chat/*", "https://dashboard.nimo.tv/popout/chat/*", "https://*.locals.com/post/*", "https://*.locals.com/feed/*", "https://bilibili.tv/*/live/*", "https://*.minnit.chat/*/Main", "https://*.bilibili.tv/*/live/*", "https://app.clouthub.com/*", "https://piczel.tv/chat/*", "https://*.roll20.net/*", "https://roll20.net/*", "https://*.stageten.tv/*", "https://rumble.com/chat/popup/*", "https://stageten.tv/*", "https://*.workplace.com/*",  "https://multichat.livepush.io/*", "https://minnit.chat/*&popout","https://*.minnit.chat/*&popout", "https://odysee.com/$/popout/*", "https://www.vimm.tv/c/*", "https://studio.mobcrush.com/chatpopup.html", "https://mobcrush.com/*", "https://picarto.tv/chatpopout/*", "https://dlive.tv/c/*","https://web.whatsapp.com/", "https://rumble.com/*", "https://www.youtube.com/watch*","https://www.amazon.com/live*", "https://*.telegram.org/*", "https://*.webex.com/*", "https://webex.com/*", "https://www.linkedin.com/*", "https://*.vdo.ninja/*popout.html*","https://youtube.com/*", "https://www.youtube.com/*", "https://studio.youtube.com/*", "https://*.twitch.tv/*", "https://www.instagram.com/*", "https://livecenter.tiktok.com/*", "https://www.tiktok.com/*live*", "https://chat.restream.io/*", "https://trovo.live/chat/*", "https://facebook.com/*", "https://business.facebook.com/*", "https://web.facebook.com/*", "https://www.facebook.com/*", "https://play.rozy.tv/*", "https://www.crowdcast.io/e/*", "https://*.zoom.us/*", "https://watch.owncast.online/*", "https://discord.com/*", "https://www.mixcloud.com/live/*/chat/",  "https://vimeo.com/live*", "https://www.vimeo.com/live*", "https://teams.live.com/*", "https://teams.microsoft.com/*", "https://livestream.com/accounts/*", "https://*/plugins/livechat/*router/webchat/room/*", "https://app.slack.com/client/*", "https://*.rooter.gg/*", "https://www.nonolive.com/*", "https://www.tradingview.com/streams/*", "https://app.chime.aws/meetings/*", "https://*.loco.gg/*", "https://joystick.tv/u/*/chat","https://www.buzzit.ca/event/*/chat","https://*.floatplane.com/popout/livechat", "https://www.threads.net/*", "https://*.bandlab.com/*", "https://vkplay.live/*/only-chat?*", "https://maestro-launcher.vercel.app/", "https://arena.tv/*","https://vstream.com/v/*/chat-popout", "https://boltplus.tv/chatpopout/*", "https://chat.openai.com/*","https://*.live.space/*","https://live.space/*","https://live.space/popout-chat/*","https://app.livestorm.co/*/live?*", "https://steamcommunity.com/broadcast/chatonly/*", "https://www.whatnot.com/live/*", "https://www.caffeine.tv/*", "https://jaco.live/golive",  "https://www.younow.com/*", "https://app.sessions.us/*", "https://www.shareplay.tv/chat/*", "https://estrim.com/publications/view/*", "storage", "debugger"
+		"webNavigation", "https://socialstream.ninja/wss/*", "https://cozy.tv/*", "https://play.afreecatv.com/*?vtype=chat", "https://kiwiirc.com/nextclient/*", "https://webchat.quakenet.org/*", "https://*.cbox.ws/box/*", "https://tellonym.me/*", "https://*.wix.com/*", "https://chat.castr.io/*", "https://editor.wixapps.net/render/prod/modals/wix-vod-widget/*", "https://www.twitter.com/*", "https://twitter.com/*", "https://app.sli.do/event/*","https://admin.sli.do/event/*", "https://*.rokfin.com/popout/chat/*","https://rokfin.com/popout/chat/*", "https://instafeed.me/*", "https://meet.google.com/*", "https://play.quickchannel.com/*", "https://kick.com/*/chatroom", "https://chatroll.com/embed/chat/*", "https://www.nimo.tv/popout/chat/*", "https://dashboard.nimo.tv/popout/chat/*", "https://*.locals.com/post/*", "https://*.locals.com/feed/*", "https://bilibili.tv/*/live/*", "https://*.minnit.chat/*/Main", "https://*.bilibili.tv/*/live/*", "https://app.clouthub.com/*", "https://piczel.tv/chat/*", "https://*.roll20.net/*", "https://roll20.net/*", "https://*.stageten.tv/*", "https://rumble.com/chat/popup/*", "https://stageten.tv/*", "https://*.workplace.com/*",  "https://multichat.livepush.io/*", "https://minnit.chat/*&popout","https://*.minnit.chat/*&popout", "https://odysee.com/$/popout/*", "https://www.vimm.tv/c/*", "https://vimm.tv/c/*", "https://studio.mobcrush.com/chatpopup.html", "https://mobcrush.com/*", "https://picarto.tv/chatpopout/*", "https://dlive.tv/c/*","https://web.whatsapp.com/", "https://rumble.com/*", "https://www.youtube.com/watch*","https://www.amazon.com/live*", "https://*.telegram.org/*", "https://*.webex.com/*", "https://webex.com/*", "https://www.linkedin.com/*", "https://*.vdo.ninja/*popout.html*","https://youtube.com/*", "https://www.youtube.com/*", "https://studio.youtube.com/*", "https://*.twitch.tv/*", "https://www.instagram.com/*", "https://livecenter.tiktok.com/*", "https://www.tiktok.com/*live*", "https://chat.restream.io/*", "https://trovo.live/chat/*", "https://facebook.com/*", "https://business.facebook.com/*", "https://web.facebook.com/*", "https://www.facebook.com/*", "https://play.rozy.tv/*", "https://www.crowdcast.io/e/*", "https://*.zoom.us/*", "https://watch.owncast.online/*", "https://discord.com/*", "https://www.mixcloud.com/live/*/chat/",  "https://vimeo.com/live*", "https://www.vimeo.com/live*", "https://teams.live.com/*", "https://teams.microsoft.com/*", "https://livestream.com/accounts/*", "https://*/plugins/livechat/*router/webchat/room/*", "https://app.slack.com/client/*", "https://*.rooter.gg/*", "https://www.nonolive.com/*", "https://www.tradingview.com/streams/*", "https://app.chime.aws/meetings/*", "https://*.loco.gg/*", "https://joystick.tv/u/*/chat","https://www.buzzit.ca/event/*/chat","https://*.floatplane.com/popout/livechat", "https://www.threads.net/*", "https://*.bandlab.com/*", "https://vkplay.live/*/only-chat?*", "https://maestro-launcher.vercel.app/", "https://arena.tv/*","https://vstream.com/v/*/chat-popout", "https://boltplus.tv/chatpopout/*", "https://chat.openai.com/*","https://*.live.space/*","https://live.space/*","https://live.space/popout-chat/*","https://app.livestorm.co/*/live?*", "https://steamcommunity.com/broadcast/chatonly/*", "https://www.whatnot.com/live/*", "https://www.caffeine.tv/*", "https://jaco.live/golive",  "https://www.younow.com/*", "https://app.sessions.us/*", "https://www.shareplay.tv/chat/*", "https://estrim.com/publications/view/*", "storage", "debugger"
   ],
   "browser_action": {
         "default_popup": "popup.html"
@@ -213,7 +213,7 @@
 	  },
 	  {
 		"js": ["vimm.js"],
-		"matches": ["https://www.vimm.tv/c/*"]
+		"matches": ["https://www.vimm.tv/c/*", "https://vimm.tv/c/*"]
 	  },
 	  {
 		"js": ["wss/vimm.js"],
diff --git a/vimm.js b/vimm.js
index 64dd8f72..e9f84a61 100644
--- a/vimm.js
+++ b/vimm.js
@@ -14,18 +14,26 @@
 	  xhr.send();
 	}
 	
-	function escapeHtml(unsafe){
+	function escapeHtml(unsafe) {
 		try {
-			if (settings.textonlymode){ // we can escape things later, as needed instead I guess.
-				return unsafe;
+			
+			// Unescape the text
+			var tempDiv = document.createElement('div');
+			tempDiv.innerHTML = unsafe;
+			var unescapedText = tempDiv.textContent || tempDiv.innerText || "";
+			
+			if (settings.textonlymode) {
+				return unescapedText;
 			}
-			return unsafe
-				 .replace(/&/g, "&amp;")
-				 .replace(/</g, "&lt;")
-				 .replace(/>/g, "&gt;")
-				 .replace(/"/g, "&quot;")
-				 .replace(/'/g, "&#039;") || "";
-		} catch(e){
+
+			// Re-escape the text
+			return unescapedText
+				.replace(/&/g, "&amp;")
+				.replace(/</g, "&lt;")
+				.replace(/>/g, "&gt;")
+				.replace(/"/g, "&quot;")
+				.replace(/'/g, "&#039;") || "";
+		} catch (e) {
 			return "";
 		}
 	}
diff --git a/wss/vimm.js b/wss/vimm.js
index 8f9b891c..74ec2bc4 100644
--- a/wss/vimm.js
+++ b/wss/vimm.js
@@ -13,18 +13,25 @@ function toDataURL(url, callback) {
   xhr.send();
 }
 
-function escapeHtml(unsafe){
+function escapeHtml(unsafe) {
 	try {
-		if (settings.textonlymode){ // we can escape things later, as needed instead I guess.
-			return unsafe;
+		// Unescape the text
+		var tempDiv = document.createElement('div');
+		tempDiv.innerHTML = unsafe;
+		var unescapedText = tempDiv.textContent || tempDiv.innerText || "";
+		
+		if (settings.textonlymode) {
+			return unescapedText;
 		}
-		return unsafe
-			 .replace(/&/g, "&amp;")
-			 .replace(/</g, "&lt;")
-			 .replace(/>/g, "&gt;")
-			 .replace(/"/g, "&quot;")
-			 .replace(/'/g, "&#039;") || "";
-	} catch(e){
+
+		// Re-escape the text
+		return unescapedText
+			.replace(/&/g, "&amp;")
+			.replace(/</g, "&lt;")
+			.replace(/>/g, "&gt;")
+			.replace(/"/g, "&quot;")
+			.replace(/'/g, "&#039;") || "";
+	} catch (e) {
 		return "";
 	}
 }